Compare commits
459 Commits
487f196f19
...
renovate/r
Author | SHA1 | Date | |
---|---|---|---|
c299aa0c9d | |||
f3331b7c36 | |||
359809ec3e | |||
5d317815a6 | |||
3060651f33 | |||
1267aee558 | |||
c4deb4530c | |||
8071aaf13c | |||
b3507ddbb4 | |||
bfcddd7a76 | |||
b3aa166e16 | |||
2bc0b9f4df | |||
b6b5027601 | |||
c22d5d3428
|
|||
6c34c4ca9e | |||
d32d64d78e | |||
cf3a9b9aba | |||
643ba071e0 | |||
42c7163710 | |||
ca76486945 | |||
a8142056c6 | |||
8f8bd1d7f1 | |||
28ce27280d
|
|||
8442208f02
|
|||
6d9ebaf533
|
|||
b83ddcce89
|
|||
6a5360a803
|
|||
d6ad2f1c79
|
|||
68a06195e9
|
|||
b8e08002dd
|
|||
3fa3703b27
|
|||
84fbd628db
|
|||
32158e4cef
|
|||
7c52a9dc34
|
|||
8d2ab9205a | |||
e2fafc6a7e | |||
375343d100 | |||
0eb69ef4f5 | |||
de9197d740 | |||
abbc4fc453 | |||
77d24ae009 | |||
193406e7df | |||
c15da69d83 | |||
23a6d889f1 | |||
57ac458504
|
|||
e53a02014a
|
|||
eefb79771f
|
|||
a3f8762679
|
|||
6e064edb7c
|
|||
0243dc08e7
|
|||
a6ce82e001
|
|||
68d172423c
|
|||
390986ffaa
|
|||
44b8088899 | |||
6de863bba5 | |||
4ea8bf9acd
|
|||
c3053250a3
|
|||
91a3cc22b0
|
|||
d97cdc1bdc
|
|||
435cee3116
|
|||
5950568286
|
|||
2d6faab122
|
|||
2eca62bf5d
|
|||
aa3c98d453 | |||
b334e52544 | |||
78af20ec62
|
|||
cfb3de7e76
|
|||
627b997241
|
|||
aa1163aab9
|
|||
3c5c5e9016
|
|||
42328cb5f0
|
|||
f4aac5f5e6
|
|||
87286c91d0
|
|||
9aa1b0f522
|
|||
2cf08255cc
|
|||
5e8e1ff294
|
|||
556ba744f9
|
|||
9565bee15f
|
|||
487aea3af4
|
|||
c6380f0350
|
|||
6ce44f3132
|
|||
63510aa4bb
|
|||
f25ef5e5bb
|
|||
5ac34d3890 | |||
8a7ad6fa2d | |||
3914740922 | |||
56f61deeb3 | |||
4c406eed40 | |||
1ee1ba0659 | |||
ae06bd0ab6 | |||
56100ba077 | |||
bb057547a8 | |||
00c78fddd5 | |||
d7be1186c7 | |||
d4a3d5f4a7 | |||
e59f5f6e65 | |||
a8c0df9ee4 | |||
33f9840d59 | |||
1546086d4f | |||
2457da2a2a | |||
b3ec9a50ea | |||
ef70214fd5 | |||
2b635174c3 | |||
cc6aaa1ada | |||
7c14d00db2 | |||
39b0214072
|
|||
5d6de0a908
|
|||
8984be1a62
|
|||
f6676c48cc | |||
e53e6a0c9a | |||
b395df357f | |||
852ae844df | |||
5c6bd05521 | |||
9a25a5263d | |||
d600d44640 | |||
d953074087 | |||
74e86f87c8 | |||
feb0de1c9d | |||
83a641b34e | |||
5e86b0ffda | |||
b143308932 | |||
810eb8ed6d | |||
a9524e45df | |||
2ea10159d8 | |||
33085f1a54 | |||
a7884d764b | |||
6903747c00 | |||
2217f7f101 | |||
40443c4be1 | |||
89aebf5895 | |||
10741683b2 | |||
ba4ee220c1 | |||
f55acd82a4
|
|||
314681c10f | |||
9fc81a0452 | |||
13063eb3f8 | |||
96e98d7dde | |||
463e37635e | |||
bc2a922951 | |||
05eb14776c | |||
9ee1014824 | |||
ad6ec78c6a | |||
2947579d33 | |||
02f8a39dc5 | |||
2190a241b6 | |||
7093f0f211 | |||
ac8acd2165 | |||
b1e6442059 | |||
9ad5da2fe5 | |||
03f8bcfd35 | |||
e426a6228b | |||
f57d351e49
|
|||
dc69e26a94 | |||
0d7878cce8
|
|||
7f85fe082d
|
|||
130d26e0ed | |||
39e0aa7525 | |||
4978dbcd80
|
|||
6b4ffa50d2 | |||
0217bf4735 | |||
b690be812c
|
|||
6ddef721ba | |||
c17dfa5da9 | |||
f588f2a44b | |||
b8705dfdc9 | |||
dcc50b0d69
|
|||
f7c15e56d5
|
|||
1402eca48b | |||
ebd4fbec1e | |||
382b517a6d | |||
bfb8c513e3 | |||
38b3fe7fd7 | |||
c107d27b29 | |||
ea974fb72c | |||
bf2d7d07e1 | |||
e551a03ee1 | |||
9ab127c188 | |||
741e6076ca | |||
c052f58667 | |||
2ff6f0c76d | |||
52dfa38d0c | |||
230f923c48 | |||
a41173dc72 | |||
a43ebd1b6c | |||
3aa82fa296 | |||
2fe02d459d | |||
c9f96350cc | |||
2dfe00fd40 | |||
1b450acfe2 | |||
df895b6bed | |||
238251b657 | |||
74e9162d72 | |||
d8e7a2ce28 | |||
1b32d110c7
|
|||
40bb305ff9 | |||
884621fd47 | |||
fdd6416b8c | |||
e3e0be048a | |||
507446aac2
|
|||
869e8436df
|
|||
3f78cd2d2e
|
|||
a2e8a14dac
|
|||
1c76f00adc
|
|||
1cd38b1ff2 | |||
774cae1887 | |||
642b90d7b5 | |||
ae8056ff98 | |||
67548d0f79 | |||
adc9441f35 | |||
3e765e4b0c | |||
1086b5334d | |||
a4041fb853
|
|||
9830b9d947 | |||
4261efc3ff | |||
9aae8abd53 | |||
bb387b8bc4 | |||
3aadc6846b | |||
fd5061a748 | |||
23e2cf7d08
|
|||
e9a5ad781c
|
|||
4894baaee3 | |||
7052631867 | |||
3fd3ae4a0d | |||
17fd27b383
|
|||
85749ee068 | |||
eb09dc0341 | |||
e2546b9af3 | |||
c94323fe1e | |||
64e9bdab0e | |||
c57c405fc2 | |||
cfd0236b43 | |||
6c63c7d3dd | |||
47aeb1fcc2 | |||
abc90c925e | |||
bc215f8efe | |||
00d1bf12ea | |||
aca0ccaf31 | |||
3c76bd90e7 | |||
463e3b41f8 | |||
e30d58c3a9 | |||
b2e51da87a | |||
932a2acf31 | |||
412c381ffe | |||
aff0b56fa1 | |||
dd0e5712cd
|
|||
d85e60b6e8
|
|||
ca12ae98db
|
|||
d17c666e1c | |||
c325e7f1ed | |||
bcd6edbabb | |||
d38f4d27ff | |||
98a28d7708 | |||
05af720e37 | |||
3214e5e5cb | |||
b3187e9888 | |||
cc9acb272e | |||
cb56295334 | |||
0a7bad5eca | |||
7cc637784d | |||
ea4ce92a75 | |||
bfd5c1060d | |||
f92d04f2e5 | |||
d65a7b2425 | |||
1b3c6754c0 | |||
858ab70918 | |||
ce4d7689c9 | |||
4f5c4f4cbe | |||
7d3b5903e6 | |||
9a87f7fd08 | |||
b4257f8e5e
|
|||
12870a676b | |||
afd5dd2852 | |||
aaea56c02a | |||
a0354f73e8 | |||
8260992f26 | |||
b35963d0e2 | |||
f38e67a27f
|
|||
a78314870b | |||
bdd63dd931 | |||
cfb7df2284
|
|||
99d6735566
|
|||
1279c8021a | |||
2063a41276 | |||
46492eb102 | |||
4f439b2945 | |||
41307f592d | |||
840e82d2b6 | |||
cf237c5511 | |||
88034e2ace | |||
f91b4ed999 | |||
7a7721dcb0 | |||
d88a3cc3a3 | |||
265266aeaf | |||
9db266845b
|
|||
071bdc5430 | |||
5361b55235 | |||
eaf3ad07fb | |||
92860e6722 | |||
d77f8c336a | |||
2a3eb40a7b | |||
4feceaa825 | |||
1158fefb62 | |||
be39341776 | |||
ebd19ac221 | |||
a2418505e1 | |||
e8c9322a1d | |||
e9c5def271 | |||
859b3b0bfa | |||
e4178332e0 | |||
b2b292cc72 | |||
a78cd55bed | |||
2c237322d9 | |||
1cf7308b3a | |||
ad7d0d3da5 | |||
409331495b | |||
25233e5a94 | |||
ea74e0ea8a | |||
fc4ecd125e | |||
9c77295110 | |||
bc8b0b33c8 | |||
b2f3411f3e | |||
c1054c5f56 | |||
08b7b65060 | |||
be4eface3b | |||
0f9a96f92d | |||
b9fb30c69a | |||
aa244425a5 | |||
7dc1627e7c | |||
96017eb7bd | |||
5ecc742ed3 | |||
f384617395 | |||
3a8e8743d3 | |||
5d6a0a72aa | |||
3b44d94de6 | |||
32158cd644 | |||
de161c7fa7 | |||
d2104909e0 | |||
9741310c8f | |||
41437d29a4 | |||
19d224e464 | |||
8703948897 | |||
ae72f8eed2 | |||
34c8d19f5e | |||
f5c04721a3 | |||
a211ca5dab | |||
63cf839be5 | |||
08462c22aa | |||
2ad1b24606 | |||
c5d53e005a
|
|||
983252387f | |||
2e7589074e | |||
10a0afc40d | |||
5cec671f7c | |||
3004031168 | |||
cb138bef7c | |||
94ea1b0af0
|
|||
45453891f4 | |||
3f06cb6d34 | |||
816eb8fe47 | |||
58fea21b12 | |||
d081adfaa7 | |||
8ce7ad44a2 | |||
716cb13554 | |||
fd514010de | |||
3e6283f3cf | |||
042c1893a0 | |||
e2e7824b87 | |||
05befb22ce | |||
f875d70d47 | |||
54ce0b2493 | |||
19927b7f74 | |||
d09fdd7d9f | |||
8129308233 | |||
5867767855 | |||
a8e9d833b2 | |||
485babde8f | |||
8353e4265b | |||
98d8e6d401 | |||
9e45679ad4 | |||
b007129227 | |||
67c1eed94c | |||
a69d9ff889 | |||
2f913e28e2 | |||
1acc9a37dd
|
|||
f6470cd7e0 | |||
d132bc1425 | |||
bbf95dcacf | |||
824b6180b9 | |||
6b749fcfee | |||
dd4a1b3a9b | |||
93655254b4 | |||
cfd735a321 | |||
7f8129a018 | |||
da8817129a | |||
b178ac76b5 | |||
dd153a5f5b | |||
19d6b591a4 | |||
bc2ed5e722 | |||
bed6cd8290
|
|||
a7488600fe | |||
8e7a436539 | |||
5e4743cad6 | |||
775fcf79d5 | |||
12c92f479b | |||
739ab2f72d | |||
c8f60a14f7 | |||
afaa397ae7 | |||
1886c5a607
|
|||
67543bf069
|
|||
4cced131e4 | |||
060c3fc7ab | |||
65693be5f9 | |||
0731f530fc | |||
5fdba25a68 | |||
3c7d2b6222 | |||
38b1cfcc6d | |||
5b1cb64952 | |||
4b44300c64 | |||
f6a1d168e6 | |||
145834f1f2 | |||
60df7fc978 | |||
1645a58983 | |||
6c797b065d | |||
62b1f07a25 | |||
7ba4790ad6
|
|||
7b802d609d | |||
175fc1d793 | |||
021af5f21a | |||
d99fd4e14f | |||
e91e7f2ff0 | |||
073f0762b6 | |||
c9def8c898 | |||
9c555e71cb | |||
e6d8a83893 | |||
1fe7ed11b5 | |||
eeddd81477 | |||
c878a4141b | |||
49f0751204 | |||
199626171e | |||
e489a8bf46 | |||
53c8b7473a | |||
dcebd98cf1 | |||
44df066c3f | |||
5a8802a5df | |||
45c4c40560 | |||
da732bea82 | |||
f5a614a908 | |||
63c576f618 | |||
cb460655d4 | |||
4eb5ed6e52 | |||
80f44fd1be | |||
3449bc4ced
|
|||
ed914c6c67
|
|||
46f0491624 | |||
e26f7c6bcb | |||
f10eb64976
|
|||
0a0f485efe
|
|||
36b88cf203
|
|||
868d943d98
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: base64
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/base64
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -22,8 +22,5 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
---
|
||||
|
@@ -1,25 +1,24 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: cluster-fun-wallabag
|
||||
name: bsky-screenshot
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: wallabag
|
||||
namespace: bsky-screenshot
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/wallabag
|
||||
path: manifests/bsky-screenshot
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
automated: {}
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
---
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: cel-tester
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/cel-tester
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
|
@@ -1,27 +1,3 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: cert-manager-civo
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: cert-manager
|
||||
name: civo
|
||||
source:
|
||||
path: manifests/certmanager-civo
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
---
|
||||
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: civo-versions
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/civo-versions
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -1,17 +1,17 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: cluster-fun-tank
|
||||
name: cors-proxy
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: tank
|
||||
namespace: cors-proxy
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/tank
|
||||
path: manifests/cors-proxy
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: cv
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/cv
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -22,8 +22,5 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
---
|
||||
|
@@ -22,8 +22,5 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
---
|
||||
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: feed-fetcher
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/feed-fetcher
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
35
manifests/_apps/goldilocks.yaml
Normal file
35
manifests/_apps/goldilocks.yaml
Normal file
@@ -0,0 +1,35 @@
|
||||
|
||||
# apiVersion: argoproj.io/v1alpha1
|
||||
# kind: Application
|
||||
# metadata:
|
||||
# name: cluster-fun-goldilocks
|
||||
# namespace: argocd
|
||||
# finalizers:
|
||||
# - resources-finalizer.argocd.argoproj.io
|
||||
# spec:
|
||||
# project: cluster.fun
|
||||
# destination:
|
||||
# namespace: goldilocks
|
||||
# name: cluster-fun (v2)
|
||||
# source:
|
||||
# repoURL: 'https://charts.fairwinds.com/stable'
|
||||
# targetRevision: 10.1.0
|
||||
# chart: goldilocks
|
||||
# helm:
|
||||
# version: v3
|
||||
# values: |-
|
||||
# vpa:
|
||||
# enabled: true
|
||||
# controller:
|
||||
# flags:
|
||||
# on-by-default: true
|
||||
# dashboard:
|
||||
# flags:
|
||||
# on-by-default: true
|
||||
# replicaCount: 1
|
||||
# syncPolicy:
|
||||
# automated: {}
|
||||
# syncOptions:
|
||||
# - CreateNamespace=true
|
||||
|
||||
# ---
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: goplayground
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/goplayground
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
|
@@ -22,8 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
---
|
||||
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: link
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/link
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
|
@@ -22,8 +22,5 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
---
|
||||
|
@@ -1,29 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: cluster-fun-mastodon-digest
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: mastodon-digest
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/mastodon-digest
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
---
|
@@ -22,8 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
---
|
||||
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: opengraph
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/opengraph
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: traefik-civo
|
||||
name: cluster-fun-priority-classes
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
@@ -9,9 +9,9 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: kube-system
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/traefik
|
||||
path: manifests/priority-classes
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
@@ -22,3 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
---
|
@@ -1,24 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: proxy-civo
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: proxy-civo
|
||||
name: civo
|
||||
source:
|
||||
path: manifests/proxy-civo
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: qr
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/qr
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -21,26 +21,3 @@ spec:
|
||||
jsonPointers:
|
||||
- /data
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: cluster-fun-reloader-civo
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: kube-system
|
||||
name: civo
|
||||
source:
|
||||
repoURL: 'https://stakater.github.io/stakater-charts'
|
||||
targetRevision: v0.0.89
|
||||
chart: reloader
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
---
|
||||
|
@@ -22,8 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
---
|
||||
|
@@ -1,28 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: social-to-grist
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: social-to-grist
|
||||
name: civo
|
||||
source:
|
||||
path: manifests/social-to-grist
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
@@ -1,17 +1,17 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: monitoring-civo
|
||||
name: social-to-rolodex
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: monitoring
|
||||
name: civo
|
||||
namespace: social-to-rolodex
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/monitoring-civo
|
||||
path: manifests/social-to-rolodex
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
@@ -22,3 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
|
@@ -1,29 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: cluster-fun-starling
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: starling
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/starling
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
---
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: svg-to-dxf
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/svg-to-dxf
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: talks
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/talks
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: text-to-dxf
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/text-to-dxf
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -9,7 +9,7 @@ spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: til
|
||||
name: civo
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/til
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
@@ -22,7 +22,4 @@ spec:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
|
||||
|
@@ -1,28 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: tweetsvg
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: tweetsvg
|
||||
name: civo
|
||||
source:
|
||||
path: manifests/tweetsvg
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
@@ -1,29 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: cluster-fun-twitter-profile-pic
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: twitter-profile-pic
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/twitter-profile-pic
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
ignoreDifferences:
|
||||
- kind: Secret
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: apps
|
||||
kind: Deployment
|
||||
jqPathExpressions:
|
||||
- .spec.template.spec.containers[]?.image
|
||||
---
|
@@ -1,17 +1,17 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: cluster-fun-matrix
|
||||
name: yay-or-nay
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: cluster.fun
|
||||
destination:
|
||||
namespace: chat
|
||||
namespace: yay-or-nay
|
||||
name: cluster-fun (v2)
|
||||
source:
|
||||
path: manifests/matrix_chart
|
||||
path: manifests/yay-or-nay
|
||||
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
@@ -23,10 +23,13 @@ spec:
|
||||
- sonarr.cluster.fun
|
||||
- lidarr.cluster.fun
|
||||
- prowlarr.cluster.fun
|
||||
- mylarr.cluster.fun
|
||||
- transmission.cluster.fun
|
||||
- tekton.cluster.fun
|
||||
- changedetection.cluster.fun
|
||||
- grafana.cluster.fun
|
||||
- podgrab.cluster.fun
|
||||
- stablediffusion.cluster.fun
|
||||
secretName: auth-proxy-ingress
|
||||
rules:
|
||||
- host: downloads.cluster.fun
|
||||
@@ -199,3 +202,33 @@ spec:
|
||||
name: tailscale-proxy
|
||||
port:
|
||||
name: auth
|
||||
- host: podgrab.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: tailscale-proxy
|
||||
port:
|
||||
name: auth
|
||||
- host: mylarr.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: tailscale-proxy
|
||||
port:
|
||||
name: auth
|
||||
- host: stablediffusion.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: tailscale-proxy
|
||||
port:
|
||||
name: auth
|
||||
|
@@ -6,12 +6,18 @@ metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 25m
|
||||
nginx.ingress.kubernetes.io/client-body-buffer-size: 25m
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- hello-world.cluster.fun
|
||||
- ombi.cluster.fun
|
||||
- bsky-feeds.cluster.fun
|
||||
- ai.cluster.fun
|
||||
secretName: non-auth-proxy-ingress
|
||||
rules:
|
||||
- host: hello-world.cluster.fun
|
||||
@@ -34,3 +40,23 @@ spec:
|
||||
name: tailscale-proxy
|
||||
port:
|
||||
name: non-auth
|
||||
- host: bsky-feeds.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: tailscale-proxy
|
||||
port:
|
||||
name: non-auth
|
||||
- host: ai.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: tailscale-proxy
|
||||
port:
|
||||
name: non-auth
|
||||
|
@@ -38,6 +38,7 @@ spec:
|
||||
labels:
|
||||
app: internal-proxy
|
||||
spec:
|
||||
priorityClassName: critical
|
||||
serviceAccountName: default
|
||||
dnsPolicy: ClusterFirst
|
||||
dnsConfig:
|
||||
@@ -67,7 +68,7 @@ spec:
|
||||
mountPath: /config/
|
||||
|
||||
- name: oauth-proxy
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
|
||||
args:
|
||||
- --cookie-secure=false
|
||||
- --provider=oidc
|
||||
@@ -101,9 +102,9 @@ spec:
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
memory: 50Mi
|
||||
memory: 80Mi
|
||||
requests:
|
||||
memory: 50Mi
|
||||
memory: 80Mi
|
||||
volumes:
|
||||
- name: host-mappings
|
||||
configMap:
|
||||
|
@@ -29,6 +29,7 @@ spec:
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: docker-config
|
||||
priorityClassName: low
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/base64:latest
|
||||
@@ -49,11 +50,10 @@ metadata:
|
||||
namespace: base64
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- base64.cluster.fun
|
||||
|
69
manifests/bsky-screenshot/bsky-screenshot.yaml
Normal file
69
manifests/bsky-screenshot/bsky-screenshot.yaml
Normal file
@@ -0,0 +1,69 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: bsky-screenshot
|
||||
namespace: bsky-screenshot
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: web
|
||||
name: web
|
||||
selector:
|
||||
app: bsky-screenshot
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bsky-screenshot
|
||||
namespace: bsky-screenshot
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bsky-screenshot
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bsky-screenshot
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/bsky-screenshot:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: web
|
||||
resources:
|
||||
limits:
|
||||
memory: 105Mi
|
||||
requests:
|
||||
memory: 105Mi
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: bsky-screenshot
|
||||
namespace: bsky-screenshot
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- bsky-screenshot.cluster.fun
|
||||
secretName: bsky-screenshot-ingress
|
||||
rules:
|
||||
- host: bsky-screenshot.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: bsky-screenshot
|
||||
port:
|
||||
number: 80
|
||||
|
@@ -47,11 +47,10 @@ metadata:
|
||||
namespace: cel-tester
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- cel-tester.cluster.fun
|
||||
|
@@ -1,23 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: cert-manager
|
||||
labels:
|
||||
certmanager.k8s.io/disable-validation: "true"
|
||||
|
||||
---
|
||||
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: letsencrypt@marcusnoble.co.uk
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
@@ -38,6 +38,7 @@ spec:
|
||||
labels:
|
||||
app: civo-versions
|
||||
spec:
|
||||
priorityClassName: low
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/civo-versions:latest
|
||||
@@ -66,11 +67,10 @@ metadata:
|
||||
namespace: civo-versions
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- civo-versions.cluster.fun
|
||||
|
81
manifests/cors-proxy/cors-proxy.yaml
Normal file
81
manifests/cors-proxy/cors-proxy.yaml
Normal file
@@ -0,0 +1,81 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: cors-proxy
|
||||
namespace: cors-proxy
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 8000
|
||||
name: web
|
||||
selector:
|
||||
app: cors-proxy
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: cors-proxy
|
||||
namespace: cors-proxy
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cors-proxy
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: cors-proxy
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/cors-proxy:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
name: web
|
||||
env:
|
||||
- name: ALLOWLIST
|
||||
value: cdn.bsky.app
|
||||
resources:
|
||||
requests:
|
||||
memory: 184M
|
||||
limits:
|
||||
memory: 184M
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: cors-proxy
|
||||
namespace: cors-proxy
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- cors-proxy.cluster.fun
|
||||
- cors-proxy.marcusnoble.co.uk
|
||||
secretName: cors-proxy-ingress
|
||||
rules:
|
||||
- host: cors-proxy.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: cors-proxy
|
||||
port:
|
||||
number: 80
|
||||
- host: cors-proxy.marcusnoble.co.uk
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: cors-proxy
|
||||
port:
|
||||
number: 80
|
@@ -62,11 +62,10 @@ metadata:
|
||||
namespace: cv
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- cv.marcusnoble.co.uk
|
||||
|
@@ -81,7 +81,7 @@ spec:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: dashboard-auth
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
|
||||
name: oauth-proxy
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
|
@@ -34,6 +34,11 @@ spec:
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: web
|
||||
resources:
|
||||
requests:
|
||||
memory: 80M
|
||||
limits:
|
||||
memory: 80M
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
@@ -42,11 +47,10 @@ metadata:
|
||||
namespace: feed-fetcher
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- feed-fetcher.cluster.fun
|
||||
|
@@ -40,9 +40,10 @@ spec:
|
||||
labels:
|
||||
app: git
|
||||
spec:
|
||||
priorityClassName: critical
|
||||
containers:
|
||||
- name: git
|
||||
image: gitea/gitea:1.22.6
|
||||
image: gitea/gitea:1.24.6
|
||||
env:
|
||||
- name: APP_NAME
|
||||
value: "Git"
|
||||
@@ -76,7 +77,7 @@ spec:
|
||||
name: web
|
||||
resources:
|
||||
requests:
|
||||
memory: 400Mi
|
||||
memory: 800Mi
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: git-data
|
||||
|
@@ -29,7 +29,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: x1unix/go-playground:2.4.0
|
||||
image: x1unix/go-playground:2.5.7
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
@@ -47,11 +47,10 @@ metadata:
|
||||
namespace: goplayground
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- go.cluster.fun
|
||||
|
@@ -64,15 +64,18 @@ spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: grist
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: grist
|
||||
spec:
|
||||
serviceAccountName: grist
|
||||
priorityClassName: critical
|
||||
containers:
|
||||
- name: grist
|
||||
image: gristlabs/grist-oss:1.3.2
|
||||
image: gristlabs/grist-oss:1.7.4
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: http
|
||||
@@ -97,14 +100,17 @@ spec:
|
||||
value: default
|
||||
- name: GRIST_TELEMETRY_LEVEL
|
||||
value: "off"
|
||||
- name: ALLOWED_WEBHOOK_DOMAINS
|
||||
value: "tank.tank.svc,matrix.cluster.fun"
|
||||
- name: GRIST_ANON_PLAYGROUND
|
||||
value: "false"
|
||||
- name: GRIST_FORCE_LOGIN
|
||||
value: "true"
|
||||
- name: GRIST_SANDBOX_FLAVOR
|
||||
value: gvisor
|
||||
resources:
|
||||
requests:
|
||||
memory: 300M
|
||||
limits:
|
||||
memory: 300M
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
|
@@ -27,6 +27,14 @@ data:
|
||||
kcduk24: https://speaking.marcusnoble.co.uk/0qcuN9/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
|
||||
rejektsna24: https://speaking.marcusnoble.co.uk/dALiFY/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
|
||||
kcddk24: https://speaking.marcusnoble.co.uk/FU4W7x/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
|
||||
cndoslo: https://speaking.marcusnoble.co.uk/j5M53P/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
|
||||
rejekts25: https://speaking.marcusnoble.co.uk/AXARFf/pod-deep-dive-everything-you-didnt-know-you-needed-to-know
|
||||
kcdbudapest: https://speaking.marcusnoble.co.uk/43QLpx/the-future-of-kubernetes-admission-logic
|
||||
kcdczechslovak: https://speaking.marcusnoble.co.uk/Np2xUv/pod-deep-dive-the-interesting-bits
|
||||
cnsmunich: https://speaking.marcusnoble.co.uk/HqYcp2/pod-deep-dive-the-interesting-bits
|
||||
cnsmunich-feedback: https://yay-or-nay.cluster.fun/feedback/20UETBI0
|
||||
containerdays25: https://speaking.marcusnoble.co.uk/HARSlE/the-future-of-kubernetes-admission-logic
|
||||
containerdays25-feedback: https://yay-or-nay.cluster.fun/feedback/F8P351QK
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
@@ -61,6 +69,7 @@ spec:
|
||||
labels:
|
||||
app: link
|
||||
spec:
|
||||
priorityClassName: critical
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/link:latest
|
||||
@@ -83,11 +92,10 @@ metadata:
|
||||
namespace: link
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- go-get.link
|
||||
|
@@ -1,229 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: docker-config
|
||||
namespace: mastodon-digest
|
||||
annotations:
|
||||
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-key: .dockerconfigjson
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
data:
|
||||
.dockerconfigjson: e30=
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mastodon-digest-auth
|
||||
namespace: mastodon-digest
|
||||
annotations:
|
||||
kube-1password: mr6spkkx7n3memkbute6ojaarm
|
||||
kube-1password/vault: Kubernetes
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mastodon-digest
|
||||
namespace: mastodon-digest
|
||||
annotations:
|
||||
kube-1password: bfklz3yi3dn4e7xtsbttcvhata
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-parse: "true"
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: config
|
||||
namespace: mastodon-digest
|
||||
labels:
|
||||
app: mastodon-digest
|
||||
data:
|
||||
config.json: |
|
||||
[
|
||||
{
|
||||
"timeline": "home",
|
||||
"hours": 12,
|
||||
"scorer": "ExtendedSimpleWeighted",
|
||||
"threshold": "lax",
|
||||
"output": "/usr/share/nginx/html/home/"
|
||||
},
|
||||
{
|
||||
"timeline": "federated",
|
||||
"hours": 12,
|
||||
"scorer": "ExtendedSimpleWeighted",
|
||||
"threshold": "lax",
|
||||
"output": "/usr/share/nginx/html/federated/"
|
||||
}
|
||||
]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: index
|
||||
namespace: mastodon-digest
|
||||
labels:
|
||||
app: mastodon-digest
|
||||
data:
|
||||
index.html: |
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta chartset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>Mastodon Digest</title>
|
||||
<style>
|
||||
body { background-color: #292c36; font-family: "Arial", sans-serif; }
|
||||
div#container { margin: auto; max-width: 640px; padding: 10px; text-align: center; margin: 0 auto; }
|
||||
.links { align: center; }
|
||||
h1 { color: white; }
|
||||
a.button { background: #595aff; color: #fff; line-height: 1.2; min-height: 38px; min-width: 88px; padding: 0 30px; border: 0; border-radius: 6px;; display: inline-flex; justify-content: center; align-items: center; }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div id="container">
|
||||
<h1>Mastodon Digest</h1>
|
||||
<section class="links">
|
||||
<a href="home/" class="button">Home</a>
|
||||
<a href="federated/" class="button">Federated</a>
|
||||
</section>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: mastodon-digest
|
||||
namespace: mastodon-digest
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: auth
|
||||
name: web
|
||||
selector:
|
||||
app: mastodon-digest
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mastodon-digest
|
||||
namespace: mastodon-digest
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mastodon-digest
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mastodon-digest
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: docker-config
|
||||
containers:
|
||||
- args:
|
||||
- --cookie-secure=false
|
||||
- --provider=oidc
|
||||
- --provider-display-name=Auth0
|
||||
- --upstream=http://localhost:80
|
||||
- --http-address=$(HOST_IP):8000
|
||||
- --redirect-url=https://mastodon-digest.cluster.fun/oauth2/callback
|
||||
- --email-domain=marcusnoble.co.uk
|
||||
- --pass-basic-auth=false
|
||||
- --pass-access-token=false
|
||||
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
|
||||
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
|
||||
env:
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: status.podIP
|
||||
- name: OAUTH2_PROXY_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: username
|
||||
name: mastodon-digest-auth
|
||||
- name: OAUTH2_PROXY_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: mastodon-digest-auth
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
|
||||
name: oauth-proxy
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
protocol: TCP
|
||||
name: auth
|
||||
resources:
|
||||
limits:
|
||||
memory: 50Mi
|
||||
requests:
|
||||
memory: 50Mi
|
||||
|
||||
- name: web
|
||||
image: nginx:stable
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: web
|
||||
volumeMounts:
|
||||
- name: html
|
||||
mountPath: /usr/share/nginx/html
|
||||
- name: index
|
||||
mountPath: /usr/share/nginx/html/index.html
|
||||
subPath: index.html
|
||||
|
||||
- name: digest
|
||||
image: rg.fr-par.scw.cloud/averagemarcus-private/mastodon-digest:latest
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: CONFIG_FILE
|
||||
value: /config.json
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: mastodon-digest
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config.json
|
||||
subPath: config.json
|
||||
- name: html
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: html
|
||||
emptyDir: {}
|
||||
- name: config
|
||||
configMap:
|
||||
name: config
|
||||
- name: index
|
||||
configMap:
|
||||
name: index
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: mastodon-digest
|
||||
namespace: mastodon-digest
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- mastodon-digest.cluster.fun
|
||||
secretName: mastodon-digest-ingress
|
||||
rules:
|
||||
- host: mastodon-digest.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: mastodon-digest
|
||||
port:
|
||||
number: 80
|
@@ -1,554 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: matrix
|
||||
namespace: chat
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- matrix.cluster.fun
|
||||
secretName: matrix-ingress
|
||||
rules:
|
||||
- host: matrix.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /.well-known/matrix
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: well-known
|
||||
port:
|
||||
number: 80
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: matrix-synapse
|
||||
port:
|
||||
number: 80
|
||||
|
||||
---
|
||||
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: riot
|
||||
namespace: chat
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- chat.cluster.fun
|
||||
secretName: riot-ingress
|
||||
rules:
|
||||
- host: chat.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: matrix-riot
|
||||
port:
|
||||
number: 80
|
||||
|
||||
---
|
||||
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: well-known
|
||||
namespace: chat
|
||||
annotations:
|
||||
configmap.reloader.stakater.com/reload: "well-known"
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: well-known
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: well-known
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: nginx
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: web
|
||||
volumeMounts:
|
||||
- name: well-known
|
||||
mountPath: /usr/share/nginx/html/.well-known/matrix
|
||||
resources:
|
||||
limits:
|
||||
memory: 15Mi
|
||||
requests:
|
||||
memory: 15Mi
|
||||
volumes:
|
||||
- name: well-known
|
||||
configMap:
|
||||
name: well-known
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: well-known
|
||||
namespace: chat
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
name: web
|
||||
selector:
|
||||
app: well-known
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: well-known
|
||||
namespace: chat
|
||||
data:
|
||||
server: |-
|
||||
{
|
||||
"m.server": "matrix.cluster.fun:443"
|
||||
}
|
||||
client: |-
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.cluster.fun"
|
||||
},
|
||||
"org.matrix.msc3575.proxy": {
|
||||
"url": "https://syncv3.matrix.cluster.fun"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
---
|
||||
|
||||
|
||||
# Source: matrix/templates/riot/configmap.yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: matrix-riot-config
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: element
|
||||
data:
|
||||
config.json: |
|
||||
{
|
||||
"default_server_config": {
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.cluster.fun"
|
||||
}
|
||||
},
|
||||
"brand": "Element",
|
||||
"branding": {},
|
||||
"integrations_ui_url": "https://scalar.vector.im/",
|
||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||
"integrations_widgets_urls": [
|
||||
"https://scalar.vector.im/_matrix/integrations/v1",
|
||||
"https://scalar.vector.im/api",
|
||||
"https://scalar-staging.vector.im/_matrix/integrations/v1",
|
||||
"https://scalar-staging.vector.im/api",
|
||||
"https://scalar-staging.riot.im/scalar/api"
|
||||
],
|
||||
"showLabsSettings": true,
|
||||
"features": {
|
||||
"feature_pinning": true,
|
||||
"feature_custom_status": "labs",
|
||||
"feature_state_counters": "labs",
|
||||
"feature_many_integration_managers": "labs",
|
||||
"feature_mjolnir": "labs",
|
||||
"feature_dm_verification": "labs",
|
||||
"feature_bridge_state": "labs",
|
||||
"feature_presence_in_room_list": true,
|
||||
"feature_custom_themes": "labs",
|
||||
"feature_new_spinner": "labs",
|
||||
"feature_jump_to_date": "labs",
|
||||
"feature_location_share_pin_drop": "labs",
|
||||
"feature_location_share_live": "labs",
|
||||
"feature_thread": true,
|
||||
"feature_video_rooms": true,
|
||||
"feature_favourite_messages": "labs"
|
||||
},
|
||||
"roomDirectory": {
|
||||
"servers": []
|
||||
},
|
||||
"permalinkPrefix": "https://chat.cluster.fun",
|
||||
"enable_presence_by_hs_url": {
|
||||
"https://matrix.org": false,
|
||||
"https://matrix-client.matrix.org": false
|
||||
},
|
||||
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=2IerXP2a5g1e7hxxBbzs"
|
||||
}
|
||||
nginx.conf: |
|
||||
worker_processes auto;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/pid/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
default.conf: |
|
||||
server {
|
||||
listen 8080;
|
||||
server_name localhost;
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: matrix-synapse-config
|
||||
namespace: chat
|
||||
annotations:
|
||||
kube-1password: wbj4oozwyx6m2zz5m42pgcmymy
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-key: homeserver.yaml
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: synapse
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: matrix-synapse-config
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: element
|
||||
data:
|
||||
matrix.cluster.fun.log.config: |
|
||||
version: 1
|
||||
|
||||
formatters:
|
||||
precise:
|
||||
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
filters: [context]
|
||||
|
||||
loggers:
|
||||
synapse:
|
||||
level: WARNING
|
||||
synapse.storage.SQL:
|
||||
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||
# information such as access tokens.
|
||||
level: WARNING
|
||||
|
||||
root:
|
||||
level: WARNING
|
||||
handlers: [console]
|
||||
---
|
||||
# Source: matrix/templates/riot/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: matrix-riot
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: element
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app.kubernetes.io/name: matrix-riot
|
||||
---
|
||||
# Source: matrix/templates/synapse/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: matrix-synapse
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: synapse
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/path: "/_synapse/metrics"
|
||||
prometheus.io/port: "9000"
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: 9000
|
||||
targetPort: metrics
|
||||
protocol: TCP
|
||||
name: metrics
|
||||
selector:
|
||||
app.kubernetes.io/name: matrix-synapse
|
||||
---
|
||||
# Source: matrix/templates/riot/deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: matrix-riot
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: element
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: matrix-riot
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: matrix-riot
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: "riot"
|
||||
image: "vectorim/element-web:v1.11.89"
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /app/config.json
|
||||
name: riot-config
|
||||
subPath: config.json
|
||||
readOnly: true
|
||||
- mountPath: /etc/nginx/nginx.conf
|
||||
name: riot-config
|
||||
subPath: nginx.conf
|
||||
readOnly: true
|
||||
- mountPath: /etc/nginx/conf.d/default.conf
|
||||
name: riot-config
|
||||
subPath: default.conf
|
||||
readOnly: true
|
||||
- mountPath: /var/cache/nginx
|
||||
name: ephemeral
|
||||
subPath: cache
|
||||
- mountPath: /var/run/pid
|
||||
name: ephemeral
|
||||
subPath: pid
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
volumes:
|
||||
- name: riot-config
|
||||
configMap:
|
||||
name: matrix-riot-config
|
||||
- name: ephemeral
|
||||
emptyDir: {}
|
||||
---
|
||||
# Source: matrix/templates/synapse/deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: matrix-synapse
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: synapse
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: matrix-synapse
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: matrix-synapse
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
initContainers:
|
||||
- name: generate-signing-key
|
||||
image: "ghcr.io/element-hq/synapse:v1.121.1"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: SYNAPSE_SERVER_NAME
|
||||
value: matrix.cluster.fun
|
||||
- name: SYNAPSE_REPORT_STATS
|
||||
value: "no"
|
||||
command: ["python"]
|
||||
args:
|
||||
- "-m"
|
||||
- "synapse.app.homeserver"
|
||||
- "--config-path"
|
||||
- "/data/homeserver.yaml"
|
||||
- "--keys-directory"
|
||||
- "/data/keys"
|
||||
- "--generate-keys"
|
||||
volumeMounts:
|
||||
- name: synapse-config-homeserver
|
||||
mountPath: /data/homeserver.yaml
|
||||
subPath: homeserver.yaml
|
||||
- name: synapse-config-logging
|
||||
mountPath: /data/matrix.cluster.fun.log.config
|
||||
subPath: matrix.cluster.fun.log.config
|
||||
- name: signing-key
|
||||
mountPath: /data/keys
|
||||
containers:
|
||||
- name: "synapse"
|
||||
image: "ghcr.io/element-hq/synapse:v1.121.1"
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8008
|
||||
protocol: TCP
|
||||
- name: metrics
|
||||
containerPort: 9000
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: synapse-config-homeserver
|
||||
mountPath: /data/homeserver.yaml
|
||||
subPath: homeserver.yaml
|
||||
- name: mautrix-whatsapp-registration
|
||||
mountPath: /data/mautrix-whatsapp-registration.yaml
|
||||
subPath: registration.yaml
|
||||
# - name: mautrix-signal-registration
|
||||
# mountPath: /data/mautrix-signal-registration.yaml
|
||||
# subPath: registration.yaml
|
||||
# - name: mautrix-telegram-registration
|
||||
# mountPath: /data/mautrix-telegram-registration.yaml
|
||||
# subPath: registration.yaml
|
||||
- name: synapse-config-logging
|
||||
mountPath: /data/matrix.cluster.fun.log.config
|
||||
subPath: matrix.cluster.fun.log.config
|
||||
- name: signing-key
|
||||
mountPath: /data/keys
|
||||
- name: user-media
|
||||
mountPath: /data/media_store
|
||||
- name: uploads
|
||||
mountPath: /data/uploads
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /_matrix/static/
|
||||
port: http
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /_matrix/static/
|
||||
port: http
|
||||
failureThreshold: 6
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 5
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /_matrix/static/
|
||||
port: http
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
volumes:
|
||||
- name: synapse-config-logging
|
||||
configMap:
|
||||
name: matrix-synapse-config
|
||||
- name: synapse-config-homeserver
|
||||
secret:
|
||||
secretName: matrix-synapse-config
|
||||
- name: mautrix-whatsapp-registration
|
||||
secret:
|
||||
secretName: mautrix-whatsapp-registration
|
||||
# - name: mautrix-signal-registration
|
||||
# secret:
|
||||
# secretName: mautrix-signal-registration
|
||||
# - name: mautrix-telegram-registration
|
||||
# secret:
|
||||
# secretName: mautrix-telegram-registration
|
||||
- name: signing-key
|
||||
persistentVolumeClaim:
|
||||
claimName: chat-matrix-signing-key
|
||||
- name: user-media
|
||||
persistentVolumeClaim:
|
||||
claimName: chat-matrix-user-media
|
||||
- name: uploads
|
||||
emptyDir: {}
|
||||
- name: tmp
|
||||
emptyDir: {}
|
||||
---
|
@@ -1,32 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: chat-matrix-user-media
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: synapse
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 12Gi
|
||||
storageClassName: sbs-default-retain
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: chat-matrix-signing-key
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: synapse
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: sbs-default-retain
|
||||
---
|
@@ -1,153 +0,0 @@
|
||||
# apiVersion: v1
|
||||
# kind: Secret
|
||||
# metadata:
|
||||
# name: mautrix-signal-registration
|
||||
# namespace: chat
|
||||
# annotations:
|
||||
# kube-1password: z6tylu2br724gttcpfyi5egaui
|
||||
# kube-1password/vault: Kubernetes
|
||||
# kube-1password/secret-text-key: registration.yaml
|
||||
# labels:
|
||||
# app.kubernetes.io/name: "mautrix-signal"
|
||||
# component: registration
|
||||
# type: Opaque
|
||||
|
||||
# ---
|
||||
|
||||
# apiVersion: v1
|
||||
# kind: Secret
|
||||
# metadata:
|
||||
# name: mautrix-signal-config
|
||||
# namespace: chat
|
||||
# annotations:
|
||||
# kube-1password: 5vfaorcudozlq4clkzgmzzszqe
|
||||
# kube-1password/vault: Kubernetes
|
||||
# kube-1password/secret-text-key: config.yaml
|
||||
# labels:
|
||||
# app.kubernetes.io/name: "mautrix-signal"
|
||||
# component: config
|
||||
# type: Opaque
|
||||
|
||||
# ---
|
||||
|
||||
# apiVersion: v1
|
||||
# kind: Service
|
||||
# metadata:
|
||||
# name: mautrix-signal
|
||||
# namespace: chat
|
||||
# labels:
|
||||
# app.kubernetes.io/name: mautrix-signal
|
||||
# annotations:
|
||||
# prometheus.io/scrape: "true"
|
||||
# prometheus.io/path: "/metrics"
|
||||
# prometheus.io/port: "9000"
|
||||
# spec:
|
||||
# type: ClusterIP
|
||||
# ports:
|
||||
# - port: 29328
|
||||
# targetPort: http
|
||||
# protocol: TCP
|
||||
# name: http
|
||||
# selector:
|
||||
# app.kubernetes.io/name: mautrix-signal
|
||||
|
||||
# ---
|
||||
|
||||
# apiVersion: apps/v1
|
||||
# kind: Deployment
|
||||
# metadata:
|
||||
# name: mautrix-signal
|
||||
# labels:
|
||||
# app.kubernetes.io/name: mautrix-signal
|
||||
# spec:
|
||||
# revisionHistoryLimit: 3
|
||||
# replicas: 1
|
||||
# strategy:
|
||||
# type: Recreate
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: mautrix-signal
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app.kubernetes.io/name: mautrix-signal
|
||||
# spec:
|
||||
# serviceAccountName: default
|
||||
# automountServiceAccountToken: true
|
||||
# dnsPolicy: ClusterFirst
|
||||
# enableServiceLinks: true
|
||||
# initContainers:
|
||||
# - name: config-copy
|
||||
# image: bash:latest
|
||||
# imagePullPolicy: IfNotPresent
|
||||
# args:
|
||||
# - -c
|
||||
# - |
|
||||
# cp /secrets/* /data/
|
||||
# volumeMounts:
|
||||
# - name: mautrix-signal-config
|
||||
# mountPath: /secrets/config.yaml
|
||||
# subPath: config.yaml
|
||||
# - name: mautrix-signal-registration
|
||||
# mountPath: /secrets/registration.yaml
|
||||
# subPath: registration.yaml
|
||||
# - name: data
|
||||
# mountPath: /data
|
||||
# containers:
|
||||
# - name: signald
|
||||
# image: docker.io/signald/signald:stable
|
||||
# imagePullPolicy: Always
|
||||
# volumeMounts:
|
||||
# - name: signald
|
||||
# mountPath: /signald
|
||||
# - name: mautrix-signal
|
||||
# image: "dock.mau.dev/mautrix/signal:v0.4.3"
|
||||
# imagePullPolicy: IfNotPresent
|
||||
# env:
|
||||
# - name: "TZ"
|
||||
# value: "UTC"
|
||||
# ports:
|
||||
# - name: http
|
||||
# containerPort: 29328
|
||||
# protocol: TCP
|
||||
# - name: metrics
|
||||
# containerPort: 9000
|
||||
# protocol: TCP
|
||||
# volumeMounts:
|
||||
# - name: signald
|
||||
# mountPath: /signald
|
||||
# - name: data
|
||||
# mountPath: /data
|
||||
# livenessProbe:
|
||||
# tcpSocket:
|
||||
# port: 29318
|
||||
# initialDelaySeconds: 0
|
||||
# failureThreshold: 3
|
||||
# timeoutSeconds: 1
|
||||
# periodSeconds: 10
|
||||
# readinessProbe:
|
||||
# tcpSocket:
|
||||
# port: 29318
|
||||
# initialDelaySeconds: 0
|
||||
# failureThreshold: 3
|
||||
# timeoutSeconds: 1
|
||||
# periodSeconds: 10
|
||||
# startupProbe:
|
||||
# tcpSocket:
|
||||
# port: 29318
|
||||
# initialDelaySeconds: 0
|
||||
# failureThreshold: 30
|
||||
# timeoutSeconds: 1
|
||||
# periodSeconds: 5
|
||||
# volumes:
|
||||
# - name: data
|
||||
# emptyDir: {}
|
||||
# - name: signald
|
||||
# emptyDir: {}
|
||||
# - name: mautrix-signal-config
|
||||
# secret:
|
||||
# secretName: mautrix-signal-config
|
||||
# - name: mautrix-signal-registration
|
||||
# secret:
|
||||
# secretName: mautrix-signal-registration
|
||||
# ---
|
@@ -1,119 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: matrix-sliding-sync
|
||||
namespace: chat
|
||||
annotations:
|
||||
kube-1password: 7kvyfcszfaavj2d7uvl4troagm
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-parse: "true"
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: sliding-sync
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: sliding-sync
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: sliding-sync
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: sliding-sync
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: sliding-sync
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: "sliding-sync"
|
||||
image: "ghcr.io/matrix-org/sliding-sync:v0.99.19"
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8008
|
||||
protocol: TCP
|
||||
- name: metrics
|
||||
containerPort: 9090
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: SYNCV3_SERVER
|
||||
value: https://matrix.cluster.fun
|
||||
- name: SYNCV3_BINDADDR
|
||||
value: ":8008"
|
||||
- name: SYNCV3_PROM
|
||||
value: ":9090"
|
||||
- name: SYNCV3_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: matrix-sliding-sync
|
||||
key: SYNCV3_SECRET
|
||||
- name: SYNCV3_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: matrix-sliding-sync
|
||||
key: SYNCV3_DB
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: sliding-sync
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: sliding-sync
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/port: "9090"
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
name: web
|
||||
- port: 9090
|
||||
targetPort: metrics
|
||||
protocol: TCP
|
||||
name: metrics
|
||||
selector:
|
||||
app.kubernetes.io/name: sliding-sync
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: sliding-sync
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: "matrix"
|
||||
component: sliding-sync
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- syncv3.matrix.cluster.fun
|
||||
secretName: sliding-sync-ingress
|
||||
rules:
|
||||
- host: syncv3.matrix.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: sliding-sync
|
||||
port:
|
||||
number: 80
|
||||
---
|
@@ -1,143 +0,0 @@
|
||||
# apiVersion: v1
|
||||
# kind: Secret
|
||||
# metadata:
|
||||
# name: mautrix-telegram-registration
|
||||
# namespace: chat
|
||||
# annotations:
|
||||
# kube-1password: dancy7ogc4gjlxhfntqejgudwi
|
||||
# kube-1password/vault: Kubernetes
|
||||
# kube-1password/secret-text-key: registration.yaml
|
||||
# labels:
|
||||
# app.kubernetes.io/name: "mautrix-telegram"
|
||||
# component: registration
|
||||
# type: Opaque
|
||||
|
||||
# ---
|
||||
|
||||
# apiVersion: v1
|
||||
# kind: Secret
|
||||
# metadata:
|
||||
# name: mautrix-telegram-config
|
||||
# namespace: chat
|
||||
# annotations:
|
||||
# kube-1password: nilzdpfum35hhwijnwvasbzmcq
|
||||
# kube-1password/vault: Kubernetes
|
||||
# kube-1password/secret-text-key: config.yaml
|
||||
# labels:
|
||||
# app.kubernetes.io/name: "mautrix-telegram"
|
||||
# component: config
|
||||
# type: Opaque
|
||||
|
||||
# ---
|
||||
|
||||
# apiVersion: v1
|
||||
# kind: Service
|
||||
# metadata:
|
||||
# name: mautrix-telegram
|
||||
# namespace: chat
|
||||
# labels:
|
||||
# app.kubernetes.io/name: mautrix-telegram
|
||||
# annotations:
|
||||
# prometheus.io/scrape: "true"
|
||||
# prometheus.io/path: "/metrics"
|
||||
# prometheus.io/port: "9000"
|
||||
# spec:
|
||||
# type: ClusterIP
|
||||
# ports:
|
||||
# - port: 29318
|
||||
# targetPort: http
|
||||
# protocol: TCP
|
||||
# name: http
|
||||
# selector:
|
||||
# app.kubernetes.io/name: mautrix-telegram
|
||||
|
||||
# ---
|
||||
|
||||
# apiVersion: apps/v1
|
||||
# kind: Deployment
|
||||
# metadata:
|
||||
# name: mautrix-telegram
|
||||
# labels:
|
||||
# app.kubernetes.io/name: mautrix-telegram
|
||||
# spec:
|
||||
# revisionHistoryLimit: 3
|
||||
# replicas: 1
|
||||
# strategy:
|
||||
# type: Recreate
|
||||
# selector:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: mautrix-telegram
|
||||
# template:
|
||||
# metadata:
|
||||
# labels:
|
||||
# app.kubernetes.io/name: mautrix-telegram
|
||||
# spec:
|
||||
# serviceAccountName: default
|
||||
# automountServiceAccountToken: true
|
||||
# dnsPolicy: ClusterFirst
|
||||
# enableServiceLinks: true
|
||||
# initContainers:
|
||||
# - name: config-copy
|
||||
# image: bash:latest
|
||||
# imagePullPolicy: IfNotPresent
|
||||
# args:
|
||||
# - -c
|
||||
# - |
|
||||
# cp /secrets/* /data/
|
||||
# volumeMounts:
|
||||
# - name: mautrix-telegram-config
|
||||
# mountPath: /secrets/config.yaml
|
||||
# subPath: config.yaml
|
||||
# - name: mautrix-telegram-registration
|
||||
# mountPath: /secrets/registration.yaml
|
||||
# subPath: registration.yaml
|
||||
# - name: data
|
||||
# mountPath: /data
|
||||
# containers:
|
||||
# - name: mautrix-telegram
|
||||
# image: "dock.mau.dev/mautrix/telegram:v0.12.1"
|
||||
# imagePullPolicy: IfNotPresent
|
||||
# env:
|
||||
# - name: "TZ"
|
||||
# value: "UTC"
|
||||
# ports:
|
||||
# - name: http
|
||||
# containerPort: 29318
|
||||
# protocol: TCP
|
||||
# - name: metrics
|
||||
# containerPort: 9000
|
||||
# protocol: TCP
|
||||
# volumeMounts:
|
||||
# - name: data
|
||||
# mountPath: /data
|
||||
# livenessProbe:
|
||||
# tcpSocket:
|
||||
# port: 29318
|
||||
# initialDelaySeconds: 0
|
||||
# failureThreshold: 3
|
||||
# timeoutSeconds: 1
|
||||
# periodSeconds: 10
|
||||
# readinessProbe:
|
||||
# tcpSocket:
|
||||
# port: 29318
|
||||
# initialDelaySeconds: 0
|
||||
# failureThreshold: 3
|
||||
# timeoutSeconds: 1
|
||||
# periodSeconds: 10
|
||||
# startupProbe:
|
||||
# tcpSocket:
|
||||
# port: 29318
|
||||
# initialDelaySeconds: 0
|
||||
# failureThreshold: 30
|
||||
# timeoutSeconds: 1
|
||||
# periodSeconds: 5
|
||||
# volumes:
|
||||
# - name: data
|
||||
# emptyDir: {}
|
||||
# - name: mautrix-telegram-config
|
||||
# secret:
|
||||
# secretName: mautrix-telegram-config
|
||||
# - name: mautrix-telegram-registration
|
||||
# secret:
|
||||
# secretName: mautrix-telegram-registration
|
||||
# ---
|
@@ -1,143 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mautrix-whatsapp-registration
|
||||
namespace: chat
|
||||
annotations:
|
||||
kube-1password: x6lzkpyov4dem5jtk2kimyrnvy
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-key: registration.yaml
|
||||
labels:
|
||||
app.kubernetes.io/name: "mautrix-whatsapp"
|
||||
component: registration
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mautrix-whatsapp-config
|
||||
namespace: chat
|
||||
annotations:
|
||||
kube-1password: ji3e2el66bu56bml3kq3ghyojq
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-key: config.yaml
|
||||
labels:
|
||||
app.kubernetes.io/name: "mautrix-whatsapp"
|
||||
component: config
|
||||
type: Opaque
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: mautrix-whatsapp
|
||||
namespace: chat
|
||||
labels:
|
||||
app.kubernetes.io/name: mautrix-whatsapp
|
||||
# annotations:
|
||||
# prometheus.io/scrape: "true"
|
||||
# prometheus.io/path: "/metrics"
|
||||
# prometheus.io/port: "9000"
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 29318
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app.kubernetes.io/name: mautrix-whatsapp
|
||||
|
||||
---
|
||||
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mautrix-whatsapp
|
||||
labels:
|
||||
app.kubernetes.io/name: mautrix-whatsapp
|
||||
spec:
|
||||
revisionHistoryLimit: 3
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: mautrix-whatsapp
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: mautrix-whatsapp
|
||||
spec:
|
||||
serviceAccountName: default
|
||||
automountServiceAccountToken: true
|
||||
dnsPolicy: ClusterFirst
|
||||
enableServiceLinks: true
|
||||
initContainers:
|
||||
- name: config-copy
|
||||
image: bash:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- -c
|
||||
- |
|
||||
cp /secrets/* /data/
|
||||
volumeMounts:
|
||||
- name: mautrix-whatsapp-config
|
||||
mountPath: /secrets/config.yaml
|
||||
subPath: config.yaml
|
||||
- name: mautrix-whatsapp-registration
|
||||
mountPath: /secrets/registration.yaml
|
||||
subPath: registration.yaml
|
||||
- name: data
|
||||
mountPath: /data
|
||||
containers:
|
||||
- name: mautrix-whatsapp
|
||||
image: "dock.mau.dev/mautrix/whatsapp:v0.11.0"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: "TZ"
|
||||
value: "UTC"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 29318
|
||||
protocol: TCP
|
||||
# - name: metrics
|
||||
# containerPort: 9000
|
||||
# protocol: TCP
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 29318
|
||||
initialDelaySeconds: 0
|
||||
failureThreshold: 3
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 29318
|
||||
initialDelaySeconds: 0
|
||||
failureThreshold: 3
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
startupProbe:
|
||||
tcpSocket:
|
||||
port: 29318
|
||||
initialDelaySeconds: 0
|
||||
failureThreshold: 30
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 5
|
||||
volumes:
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
- name: mautrix-whatsapp-config
|
||||
secret:
|
||||
secretName: mautrix-whatsapp-config
|
||||
- name: mautrix-whatsapp-registration
|
||||
secret:
|
||||
secretName: mautrix-whatsapp-registration
|
||||
---
|
@@ -28,9 +28,10 @@ spec:
|
||||
labels:
|
||||
app: mealie
|
||||
spec:
|
||||
priorityClassName: critical
|
||||
containers:
|
||||
- name: frontend
|
||||
image: ghcr.io/mealie-recipes/mealie:v2.4.1
|
||||
image: ghcr.io/mealie-recipes/mealie:v3.3.2
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- secretRef:
|
||||
@@ -41,7 +42,7 @@ spec:
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TOKEN_TIME
|
||||
value: "168"
|
||||
value: "720"
|
||||
- name: DB_ENGINE
|
||||
value: postgres
|
||||
- name: POSTGRES_DB
|
||||
@@ -68,12 +69,18 @@ spec:
|
||||
volumeMounts:
|
||||
- mountPath: /app/data
|
||||
name: data
|
||||
resources:
|
||||
requests:
|
||||
cpu: 200m
|
||||
memory: 550M
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 550M
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: mealie
|
||||
|
||||
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
@@ -91,7 +98,6 @@ spec:
|
||||
app: mealie
|
||||
---
|
||||
|
||||
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
|
@@ -1,255 +0,0 @@
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kube-state-metrics
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
name: kube-state-metrics
|
||||
rules:
|
||||
- apiGroups: ["certificates.k8s.io"]
|
||||
resources:
|
||||
- certificatesigningrequests
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- configmaps
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- cronjobs
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- daemonsets
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- deployments
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- endpoints
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["autoscaling"]
|
||||
resources:
|
||||
- horizontalpodautoscalers
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["extensions", "networking.k8s.io"]
|
||||
resources:
|
||||
- ingresses
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- jobs
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- limitranges
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources:
|
||||
- mutatingwebhookconfigurations
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- namespaces
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources:
|
||||
- networkpolicies
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- nodes
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- persistentvolumes
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["policy"]
|
||||
resources:
|
||||
- poddisruptionbudgets
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- pods
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["extensions", "apps"]
|
||||
resources:
|
||||
- replicasets
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- replicationcontrollers
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- resourcequotas
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- secrets
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- services
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["apps"]
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["admissionregistration.k8s.io"]
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
verbs: ["list", "watch"]
|
||||
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources:
|
||||
- volumeattachments
|
||||
verbs: ["list", "watch"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
name: kube-state-metrics
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: kube-state-metrics
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kube-state-metrics
|
||||
namespace: monitoring
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: kube-state-metrics
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
spec:
|
||||
type: "ClusterIP"
|
||||
ports:
|
||||
- name: "http"
|
||||
protocol: TCP
|
||||
port: 8080
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kube-state-metrics
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
spec:
|
||||
serviceAccountName: kube-state-metrics
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
runAsGroup: 65534
|
||||
runAsUser: 65534
|
||||
containers:
|
||||
- name: kube-state-metrics
|
||||
args:
|
||||
#- --resources=certificatesigningrequests
|
||||
- --resources=configmaps
|
||||
- --resources=cronjobs
|
||||
- --resources=daemonsets
|
||||
- --resources=deployments
|
||||
#- --resources=endpoints
|
||||
#- --resources=horizontalpodautoscalers
|
||||
- --resources=ingresses
|
||||
- --resources=jobs
|
||||
#- --resources=limitranges
|
||||
- --resources=mutatingwebhookconfigurations
|
||||
- --resources=namespaces
|
||||
#- --resources=networkpolicies
|
||||
- --resources=nodes
|
||||
- --resources=persistentvolumeclaims
|
||||
- --resources=persistentvolumes
|
||||
- --resources=poddisruptionbudgets
|
||||
- --resources=pods
|
||||
- --resources=replicasets
|
||||
#- --resources=replicationcontrollers
|
||||
#- --resources=resourcequotas
|
||||
- --resources=secrets
|
||||
- --resources=services
|
||||
- --resources=statefulsets
|
||||
- --resources=storageclasses
|
||||
- --resources=validatingwebhookconfigurations
|
||||
#- --resources=volumeattachments
|
||||
imagePullPolicy: IfNotPresent
|
||||
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
---
|
@@ -1,64 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: prometheus-server
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
app.kubernetes.io/component: server
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
app.kubernetes.io/component: server
|
||||
name: prometheus-server
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
- nodes/proxy
|
||||
- nodes/metrics
|
||||
- services
|
||||
- endpoints
|
||||
- pods
|
||||
- ingresses
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- "extensions"
|
||||
- "networking.k8s.io"
|
||||
resources:
|
||||
- ingresses/status
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- nonResourceURLs:
|
||||
- "/metrics"
|
||||
verbs:
|
||||
- get
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
app.kubernetes.io/component: server
|
||||
name: prometheus-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: prometheus-server
|
||||
namespace: monitoring
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: prometheus-server
|
||||
---
|
@@ -1,292 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: promtail
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: promtail
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: promtail
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: promtail
|
||||
data:
|
||||
promtail.yaml: |
|
||||
client:
|
||||
backoff_config:
|
||||
max_period: 5m
|
||||
max_retries: 10
|
||||
min_period: 500ms
|
||||
batchsize: 1048576
|
||||
batchwait: 1s
|
||||
external_labels: {}
|
||||
timeout: 10s
|
||||
positions:
|
||||
filename: /run/promtail/positions.yaml
|
||||
server:
|
||||
http_listen_port: 3101
|
||||
clients:
|
||||
- url: http://loki-distributed.proxy-civo.svc:80/loki/api/v1/push
|
||||
external_labels:
|
||||
kubernetes_cluster: civo
|
||||
target_config:
|
||||
sync_period: 10s
|
||||
scrape_configs:
|
||||
- job_name: kubernetes-pods
|
||||
pipeline_stages:
|
||||
- docker: {}
|
||||
- cri: {}
|
||||
- match:
|
||||
selector: '{app="weave-net"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{filename=~".*konnectivity.*"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{name=~".*"} |~ ".*/healthz.*"'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{name=~".*"} |~ ".*/api/health.*"'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{app="internal-proxy"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{app="non-auth-proxy"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{app="vpa"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{app="promtail"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{app="csi-node"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{app="victoria-metrics"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{app="git-sync"}'
|
||||
action: drop
|
||||
- match:
|
||||
selector: '{app="ingress-nginx"}'
|
||||
stages:
|
||||
- json:
|
||||
expressions:
|
||||
request_host: host
|
||||
request_path: path
|
||||
request_method: method
|
||||
response_status: status
|
||||
- drop:
|
||||
source: "request_path"
|
||||
value: "/healthz"
|
||||
- drop:
|
||||
source: "request_path"
|
||||
value: "/health"
|
||||
- labels:
|
||||
request_host:
|
||||
request_method:
|
||||
response_status:
|
||||
- match:
|
||||
selector: '{app="traefik"}'
|
||||
stages:
|
||||
- json:
|
||||
expressions:
|
||||
request_host: RequestHost
|
||||
request_path: RequestPath
|
||||
request_method: RequestMethod
|
||||
response_status: OriginStatus
|
||||
- drop:
|
||||
source: "request_path"
|
||||
value: "/healthz"
|
||||
- drop:
|
||||
source: "request_path"
|
||||
value: "/health"
|
||||
- drop:
|
||||
source: "request_path"
|
||||
value: "/ping"
|
||||
- labels:
|
||||
request_host:
|
||||
request_method:
|
||||
response_status:
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
relabel_configs:
|
||||
- source_labels:
|
||||
- __meta_kubernetes_pod_controller_name
|
||||
regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
|
||||
action: replace
|
||||
target_label: __tmp_controller_name
|
||||
- source_labels:
|
||||
- __meta_kubernetes_pod_label_app_kubernetes_io_name
|
||||
- __meta_kubernetes_pod_label_app
|
||||
- __tmp_controller_name
|
||||
- __meta_kubernetes_pod_name
|
||||
regex: ^;*([^;]+)(;.*)?$
|
||||
action: replace
|
||||
target_label: app
|
||||
- source_labels:
|
||||
- __meta_kubernetes_pod_label_app_kubernetes_io_component
|
||||
- __meta_kubernetes_pod_label_component
|
||||
regex: ^;*([^;]+)(;.*)?$
|
||||
action: replace
|
||||
target_label: component
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_node_name
|
||||
target_label: node_name
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: namespace
|
||||
- action: replace
|
||||
replacement: $1
|
||||
separator: /
|
||||
source_labels:
|
||||
- namespace
|
||||
- app
|
||||
target_label: job
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_name
|
||||
target_label: pod
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_container_name
|
||||
target_label: container
|
||||
- action: replace
|
||||
replacement: /var/log/pods/*$1/*.log
|
||||
separator: /
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_uid
|
||||
- __meta_kubernetes_pod_container_name
|
||||
target_label: __path__
|
||||
- action: replace
|
||||
replacement: /var/log/pods/*$1/*.log
|
||||
regex: true/(.*)
|
||||
separator: /
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash
|
||||
- __meta_kubernetes_pod_annotation_kubernetes_io_config_hash
|
||||
- __meta_kubernetes_pod_container_name
|
||||
target_label: __path__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_label_(.+)
|
||||
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: promtail-clusterrole
|
||||
labels:
|
||||
app.kubernetes.io/name: promtail
|
||||
rules:
|
||||
- apiGroups: [""] # "" indicates the core API group
|
||||
resources:
|
||||
- nodes
|
||||
- nodes/proxy
|
||||
- services
|
||||
- endpoints
|
||||
- pods
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: promtail-clusterrolebinding
|
||||
labels:
|
||||
app.kubernetes.io/name: promtail
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: promtail
|
||||
namespace: monitoring
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: promtail-clusterrole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: promtail
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: promtail
|
||||
annotations:
|
||||
configmap.reloader.stakater.com/reload: "promtail"
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: promtail
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: promtail
|
||||
annotations:
|
||||
prometheus.io/port: http-metrics
|
||||
prometheus.io/scrape: "true"
|
||||
spec:
|
||||
serviceAccountName: promtail
|
||||
containers:
|
||||
- name: promtail
|
||||
image: "grafana/promtail:2.9.11"
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- "-config.file=/etc/promtail/promtail.yaml"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /etc/promtail
|
||||
- name: run
|
||||
mountPath: /run/promtail
|
||||
- mountPath: /var/lib/docker/containers
|
||||
name: docker
|
||||
readOnly: true
|
||||
- mountPath: /var/log/pods
|
||||
name: pods
|
||||
readOnly: true
|
||||
env:
|
||||
- name: HOSTNAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
ports:
|
||||
- containerPort: 3101
|
||||
name: http-metrics
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 0
|
||||
runAsUser: 0
|
||||
readinessProbe:
|
||||
failureThreshold: 5
|
||||
httpGet:
|
||||
path: /ready
|
||||
port: http-metrics
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: promtail
|
||||
- name: run
|
||||
hostPath:
|
||||
path: /run/promtail
|
||||
- hostPath:
|
||||
path: /var/lib/docker/containers
|
||||
name: docker
|
||||
- hostPath:
|
||||
path: /var/log/pods
|
||||
name: pods
|
||||
---
|
@@ -1,163 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: vmagent
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: victoria-metrics
|
||||
app.kubernetes.io/component: agent
|
||||
data:
|
||||
prometheus.yml: |
|
||||
global:
|
||||
scrape_interval: 1m
|
||||
external_labels:
|
||||
source: civo
|
||||
agent: vmagent
|
||||
scrape_configs:
|
||||
- job_name: 'vmagent'
|
||||
static_configs:
|
||||
- targets: ['localhost:8429']
|
||||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
job_name: kubernetes-nodes
|
||||
kubernetes_sd_configs:
|
||||
- role: node
|
||||
relabel_configs:
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_node_label_(.+)
|
||||
- replacement: kubernetes.default.svc:443
|
||||
target_label: __address__
|
||||
- regex: (.+)
|
||||
replacement: /api/v1/nodes/$1/proxy/metrics
|
||||
source_labels:
|
||||
- __meta_kubernetes_node_name
|
||||
target_label: __metrics_path__
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecure_skip_verify: true
|
||||
- job_name: kubernetes-service-endpoints
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_scrape
|
||||
- action: replace
|
||||
regex: (https?)
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_scheme
|
||||
target_label: __scheme__
|
||||
- action: replace
|
||||
regex: (.+)
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_path
|
||||
target_label: __metrics_path__
|
||||
- action: replace
|
||||
regex: ([^:]+)(?::\d+)?;(\d+)
|
||||
replacement: $1:$2
|
||||
source_labels:
|
||||
- __address__
|
||||
- __meta_kubernetes_service_annotation_prometheus_io_port
|
||||
target_label: __address__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_service_label_(.+)
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: kubernetes_namespace
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_service_name
|
||||
target_label: kubernetes_name
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_endpoint_port_name
|
||||
target_label: kubernetes_endpoint_port_name
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_node_name
|
||||
target_label: kubernetes_node
|
||||
- job_name: kubernetes-pods
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
relabel_configs:
|
||||
- action: keep
|
||||
regex: true
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_scrape
|
||||
- action: replace
|
||||
regex: (.+)
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_path
|
||||
target_label: __metrics_path__
|
||||
- action: replace
|
||||
regex: ([^:]+)(?::\d+)?;(\d+)
|
||||
replacement: $1:$2
|
||||
source_labels:
|
||||
- __address__
|
||||
- __meta_kubernetes_pod_annotation_prometheus_io_port
|
||||
target_label: __address__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_label_(.+)
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: kubernetes_namespace
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_name
|
||||
target_label: kubernetes_pod_name
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_container_port_name
|
||||
target_label: kubernetes_port_name
|
||||
- action: drop
|
||||
regex: Pending|Succeeded|Failed
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_phase
|
||||
|
||||
|
||||
---
|
||||
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: vmagent
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: victoria-metrics
|
||||
app.kubernetes.io/component: agent
|
||||
annotations:
|
||||
configmap.reloader.stakater.com/reload: "vmagent"
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: victoria-metrics
|
||||
app.kubernetes.io/component: agent
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: victoria-metrics
|
||||
app.kubernetes.io/component: agent
|
||||
spec:
|
||||
serviceAccountName: prometheus-server
|
||||
containers:
|
||||
- name: vmagent
|
||||
image: "victoriametrics/vmagent:v1.108.1"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
- -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/
|
||||
- -remoteWrite.showURL
|
||||
- -promscrape.config=/config/prometheus.yml
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /config
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: vmagent
|
||||
---
|
87
manifests/monitoring/cadvisor.yaml
Normal file
87
manifests/monitoring/cadvisor.yaml
Normal file
@@ -0,0 +1,87 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app: cadvisor
|
||||
app.kubernetes.io/name: cadvisor
|
||||
name: cadvisor
|
||||
namespace: monitoring
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
annotations:
|
||||
seccomp.security.alpha.kubernetes.io/pod: docker/default
|
||||
labels:
|
||||
app: cadvisor
|
||||
app.kubernetes.io/name: cadvisor
|
||||
name: cadvisor
|
||||
namespace: monitoring
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cadvisor
|
||||
app.kubernetes.io/name: cadvisor
|
||||
name: cadvisor
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: cadvisor
|
||||
app.kubernetes.io/name: cadvisor
|
||||
name: cadvisor
|
||||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
spec:
|
||||
priorityClassName: system-node-critical
|
||||
tolerations:
|
||||
- key: "CriticalAddonsOnly"
|
||||
operator: "Exists"
|
||||
automountServiceAccountToken: false
|
||||
containers:
|
||||
- image: ghcr.io/google/cadvisor:v0.53.0
|
||||
name: cadvisor
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
cpu: 800m
|
||||
memory: 2000Mi
|
||||
requests:
|
||||
cpu: 400m
|
||||
memory: 400Mi
|
||||
volumeMounts:
|
||||
- mountPath: /rootfs
|
||||
name: rootfs
|
||||
readOnly: true
|
||||
- mountPath: /var/run
|
||||
name: var-run
|
||||
readOnly: true
|
||||
- mountPath: /sys
|
||||
name: sys
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/docker
|
||||
name: docker
|
||||
readOnly: true
|
||||
- mountPath: /dev/disk
|
||||
name: disk
|
||||
readOnly: true
|
||||
serviceAccountName: cadvisor
|
||||
terminationGracePeriodSeconds: 30
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /
|
||||
name: rootfs
|
||||
- hostPath:
|
||||
path: /var/run
|
||||
name: var-run
|
||||
- hostPath:
|
||||
path: /sys
|
||||
name: sys
|
||||
- hostPath:
|
||||
path: /var/lib/docker
|
||||
name: docker
|
||||
- hostPath:
|
||||
path: /dev/disk
|
||||
name: disk
|
142
manifests/monitoring/ephemeral-storage-exporter.yaml
Normal file
142
manifests/monitoring/ephemeral-storage-exporter.yaml
Normal file
@@ -0,0 +1,142 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
|
||||
name: k8s-ephemeral-storage-metrics
|
||||
namespace: monitoring
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: k8s-ephemeral-storage-metrics
|
||||
labels:
|
||||
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes","nodes/proxy", "nodes/stats", "pods"]
|
||||
verbs: ["get","list", "watch"]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: k8s-ephemeral-storage-metrics
|
||||
labels:
|
||||
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: k8s-ephemeral-storage-metrics
|
||||
namespace: monitoring
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: k8s-ephemeral-storage-metrics
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: k8s-ephemeral-storage-metrics
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
|
||||
annotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/port: "9100"
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
|
||||
ports:
|
||||
- name: metrics
|
||||
port: 9100
|
||||
protocol: TCP
|
||||
targetPort: metrics
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: k8s-ephemeral-storage-metrics
|
||||
namespace: monitoring
|
||||
labels:
|
||||
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
|
||||
spec:
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 3
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
|
||||
spec:
|
||||
serviceAccountName: k8s-ephemeral-storage-metrics
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
containers:
|
||||
- name: metrics
|
||||
image: ghcr.io/jmcgrath207/k8s-ephemeral-storage-metrics:1.18.2
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 9100
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
failureThreshold: 10
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: 9100
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 30
|
||||
readinessProbe:
|
||||
failureThreshold: 10
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: 9100
|
||||
scheme: HTTP
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: true
|
||||
env:
|
||||
- name: DEPLOY_TYPE
|
||||
value: "Deployment"
|
||||
- name: SCRAPE_INTERVAL
|
||||
value: "15"
|
||||
- name: MAX_NODE_CONCURRENCY
|
||||
value: "10"
|
||||
- name: CLIENT_GO_QPS
|
||||
value: "5"
|
||||
- name: CLIENT_GO_BURST
|
||||
value: "10"
|
||||
- name: LOG_LEVEL
|
||||
value: "info"
|
||||
- name: EPHEMERAL_STORAGE_POD_USAGE
|
||||
value: "true"
|
||||
- name: EPHEMERAL_STORAGE_NODE_AVAILABLE
|
||||
value: "true"
|
||||
- name: EPHEMERAL_STORAGE_NODE_CAPACITY
|
||||
value: "true"
|
||||
- name: EPHEMERAL_STORAGE_NODE_PERCENTAGE
|
||||
value: "true"
|
||||
- name: EPHEMERAL_STORAGE_CONTAINER_LIMIT_PERCENTAGE
|
||||
value: "true"
|
||||
- name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_USAGE
|
||||
value: "true"
|
||||
- name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_LIMITS_PERCENTAGE
|
||||
value: "true"
|
||||
- name: EPHEMERAL_STORAGE_INODES
|
||||
value: "true"
|
@@ -201,6 +201,7 @@ spec:
|
||||
labels:
|
||||
app.kubernetes.io/name: kube-state-metrics
|
||||
spec:
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: kube-state-metrics
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
@@ -237,7 +238,7 @@ spec:
|
||||
- --resources=validatingwebhookconfigurations
|
||||
#- --resources=volumeattachments
|
||||
imagePullPolicy: IfNotPresent
|
||||
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0"
|
||||
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
livenessProbe:
|
||||
|
@@ -51,10 +51,11 @@ spec:
|
||||
app.kubernetes.io/name: prometheus
|
||||
app.kubernetes.io/component: node-exporter
|
||||
spec:
|
||||
priorityClassName: system-node-critical
|
||||
serviceAccountName: prometheus-node-exporter
|
||||
containers:
|
||||
- name: prometheus-node-exporter
|
||||
image: "prom/node-exporter:v1.8.2"
|
||||
image: "prom/node-exporter:v1.9.1"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
- --path.procfs=/host/proc
|
||||
|
@@ -212,10 +212,11 @@ spec:
|
||||
prometheus.io/port: http-metrics
|
||||
prometheus.io/scrape: "true"
|
||||
spec:
|
||||
priorityClassName: system-node-critical
|
||||
serviceAccountName: promtail
|
||||
containers:
|
||||
- name: promtail
|
||||
image: "grafana/promtail:2.9.11"
|
||||
image: "grafana/promtail:2.9.15"
|
||||
imagePullPolicy: IfNotPresent
|
||||
args:
|
||||
- "-config.file=/etc/promtail/promtail.yaml"
|
||||
|
@@ -17,6 +17,11 @@ data:
|
||||
- job_name: 'vmagent'
|
||||
static_configs:
|
||||
- targets: ['localhost:8429']
|
||||
relabel_configs:
|
||||
- action: drop
|
||||
source_labels: [__name__]
|
||||
regex: "flag"
|
||||
|
||||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
job_name: kubernetes-nodes
|
||||
kubernetes_sd_configs:
|
||||
@@ -36,6 +41,38 @@ data:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecure_skip_verify: true
|
||||
|
||||
- job_name: cadvisor
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecure_skip_verify: true
|
||||
kubernetes_sd_configs:
|
||||
- role: node
|
||||
relabel_configs:
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_node_label_(.+)
|
||||
- replacement: kubernetes.default.svc:443
|
||||
target_label: __address__
|
||||
- source_labels: [__meta_kubernetes_node_name]
|
||||
regex: (.+)
|
||||
target_label: __metrics_path__
|
||||
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
|
||||
# Drop high cardinality labels
|
||||
- action: labeldrop
|
||||
regex: id
|
||||
# Drop unneeded labels
|
||||
- action: labeldrop
|
||||
regex: beta_kubernetes_io_os
|
||||
- action: labeldrop
|
||||
regex: beta_kubernetes_io_arch
|
||||
- action: labeldrop
|
||||
regex: kubernetes_io_arch
|
||||
- action: labeldrop
|
||||
regex: kubernetes_io_os
|
||||
- action: labeldrop
|
||||
regex: topology_jiva_openebs_io_nodeName
|
||||
|
||||
- job_name: kubernetes-service-endpoints
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
@@ -78,6 +115,21 @@ data:
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_node_name
|
||||
target_label: kubernetes_node
|
||||
# We don't care about the flag metrics from VM
|
||||
- action: drop
|
||||
source_labels: [__name__]
|
||||
regex: "flag"
|
||||
# Drop unneeded labels
|
||||
- action: labeldrop
|
||||
regex: beta_kubernetes_io_os
|
||||
- action: labeldrop
|
||||
regex: beta_kubernetes_io_arch
|
||||
- action: labeldrop
|
||||
regex: kubernetes_io_arch
|
||||
- action: labeldrop
|
||||
regex: kubernetes_io_os
|
||||
- action: labeldrop
|
||||
regex: topology_jiva_openebs_io_nodeName
|
||||
|
||||
- job_name: kubernetes-pods
|
||||
kubernetes_sd_configs:
|
||||
@@ -116,6 +168,17 @@ data:
|
||||
regex: Pending|Succeeded|Failed
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_phase
|
||||
# Drop unneeded labels
|
||||
- action: labeldrop
|
||||
regex: beta_kubernetes_io_os
|
||||
- action: labeldrop
|
||||
regex: beta_kubernetes_io_arch
|
||||
- action: labeldrop
|
||||
regex: kubernetes_io_arch
|
||||
- action: labeldrop
|
||||
regex: kubernetes_io_os
|
||||
- action: labeldrop
|
||||
regex: topology_jiva_openebs_io_nodeName
|
||||
|
||||
- job_name: 'node-exporter'
|
||||
kubernetes_sd_configs:
|
||||
@@ -150,10 +213,11 @@ spec:
|
||||
app.kubernetes.io/name: victoria-metrics
|
||||
app.kubernetes.io/component: agent
|
||||
spec:
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: prometheus-server
|
||||
containers:
|
||||
- name: vmagent
|
||||
image: "victoriametrics/vmagent:v1.108.1"
|
||||
image: "victoriametrics/vmagent:v1.128.0"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
- -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/
|
||||
|
@@ -201,9 +201,10 @@ spec:
|
||||
app.kubernetes.io/component: app
|
||||
nextcloud-nextcloud-redis-client: "true"
|
||||
spec:
|
||||
priorityClassName: critical
|
||||
containers:
|
||||
- name: nextcloud
|
||||
image: "nextcloud:30.0.4-apache"
|
||||
image: "nextcloud:32.0.0-apache"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: SQLITE_DATABASE
|
||||
@@ -282,7 +283,11 @@ spec:
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
memory: 450Mi
|
||||
cpu: 1038m
|
||||
memory: 765M
|
||||
limits:
|
||||
cpu: 1200m
|
||||
memory: 765M
|
||||
volumeMounts:
|
||||
- name: nextcloud-data
|
||||
mountPath: /var/www/
|
||||
@@ -374,7 +379,7 @@ spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: nextcloud
|
||||
image: "nextcloud:30.0.4-apache"
|
||||
image: "nextcloud:32.0.0-apache"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: [ "curl" ]
|
||||
args:
|
||||
|
@@ -15,7 +15,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx
|
||||
namespace: ingress-nginx
|
||||
---
|
||||
@@ -27,7 +26,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-admission
|
||||
namespace: ingress-nginx
|
||||
---
|
||||
@@ -39,7 +37,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx
|
||||
namespace: ingress-nginx
|
||||
rules:
|
||||
@@ -144,7 +141,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-admission
|
||||
namespace: ingress-nginx
|
||||
rules:
|
||||
@@ -163,7 +159,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx
|
||||
rules:
|
||||
- apiGroups:
|
||||
@@ -245,7 +240,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-admission
|
||||
rules:
|
||||
- apiGroups:
|
||||
@@ -264,7 +258,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx
|
||||
namespace: ingress-nginx
|
||||
roleRef:
|
||||
@@ -284,7 +277,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-admission
|
||||
namespace: ingress-nginx
|
||||
roleRef:
|
||||
@@ -303,7 +295,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
@@ -322,7 +313,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-admission
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
@@ -335,6 +325,7 @@ subjects:
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
annotations-risk-level: Critical
|
||||
allow-snippet-annotations: "true"
|
||||
use-proxy-protocol: "true"
|
||||
log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "remote_addr_masked": "$remote_addr_masked", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }'
|
||||
@@ -369,7 +360,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
---
|
||||
@@ -405,7 +395,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
spec:
|
||||
@@ -438,7 +427,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-controller-admission
|
||||
namespace: ingress-nginx
|
||||
spec:
|
||||
@@ -461,7 +449,6 @@ metadata:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
app.kubernetes.io/version: 1.5.1
|
||||
name: ingress-nginx-controller
|
||||
namespace: ingress-nginx
|
||||
spec:
|
||||
@@ -505,7 +492,7 @@ spec:
|
||||
fieldPath: metadata.namespace
|
||||
- name: LD_PRELOAD
|
||||
value: /usr/local/lib/libmimalloc.so
|
||||
image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
|
||||
image: registry.k8s.io/ingress-nginx/controller:v1.13.3@sha256:1b044f6dcac3afbb59e05d98463f1dec6f3d3fb99940bc12ca5d80270358e3bd
|
||||
imagePullPolicy: IfNotPresent
|
||||
lifecycle:
|
||||
preStop:
|
||||
@@ -546,7 +533,7 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 90Mi
|
||||
memory: 150Mi
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
capabilities:
|
||||
@@ -715,3 +702,20 @@ webhooks:
|
||||
resources:
|
||||
- ingresses
|
||||
sideEffects: None
|
||||
---
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/component: controller
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: ingress-nginx
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/component: controller
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
minAvailable: 1
|
||||
|
@@ -57,7 +57,7 @@ spec:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: update-native-modules
|
||||
image: nodered/node-red:4.0.8-18
|
||||
image: nodered/node-red:4.1.1-18
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- bash
|
||||
@@ -66,16 +66,23 @@ spec:
|
||||
cd /data
|
||||
npm rebuild
|
||||
npm install tldts
|
||||
npm install @atproto/api
|
||||
npm install node-fetch
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
containers:
|
||||
- name: web
|
||||
image: nodered/node-red:4.0.8-18
|
||||
image: nodered/node-red:4.1.1-18
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 1880
|
||||
name: web
|
||||
resources:
|
||||
requests:
|
||||
memory: 200M
|
||||
limits:
|
||||
memory: 200M
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
|
@@ -47,11 +47,10 @@ metadata:
|
||||
namespace: opengraph
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- opengraph.cluster.fun
|
||||
|
@@ -43,9 +43,10 @@ spec:
|
||||
labels:
|
||||
app.kubernetes.io/name: outline
|
||||
spec:
|
||||
priorityClassName: critical
|
||||
containers:
|
||||
- name: outline
|
||||
image: outlinewiki/outline:0.81.1
|
||||
image: outlinewiki/outline:0.87.4
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: ALLOWED_DOMAINS
|
||||
@@ -72,7 +73,9 @@ spec:
|
||||
resources:
|
||||
requests:
|
||||
cpu: 8m
|
||||
memory: 800Mi
|
||||
memory: 1389M
|
||||
limits:
|
||||
memory: 1489M
|
||||
volumeMounts:
|
||||
- mountPath: /opt/outline/.env
|
||||
subPath: .env
|
||||
|
7
manifests/priority-classes/critical.yaml
Normal file
7
manifests/priority-classes/critical.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
apiVersion: scheduling.k8s.io/v1
|
||||
kind: PriorityClass
|
||||
metadata:
|
||||
name: critical
|
||||
value: 1000
|
||||
globalDefault: false
|
||||
preemptionPolicy: PreemptLowerPriority
|
7
manifests/priority-classes/low.yaml
Normal file
7
manifests/priority-classes/low.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
apiVersion: scheduling.k8s.io/v1
|
||||
kind: PriorityClass
|
||||
metadata:
|
||||
name: low
|
||||
value: 10
|
||||
globalDefault: false
|
||||
preemptionPolicy: Never
|
7
manifests/priority-classes/normal.yaml
Normal file
7
manifests/priority-classes/normal.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
apiVersion: scheduling.k8s.io/v1
|
||||
kind: PriorityClass
|
||||
metadata:
|
||||
name: normal
|
||||
value: 100
|
||||
globalDefault: true
|
||||
preemptionPolicy: PreemptLowerPriority
|
@@ -1,149 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: tailscale-auth
|
||||
namespace: proxy-civo
|
||||
annotations:
|
||||
kube-1password: 2cqycmsgv5r7vcyvjpblcl2l4y
|
||||
kube-1password/vault: Kubernetes
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: host-mappings
|
||||
namespace: proxy-civo
|
||||
labels:
|
||||
app: proxy
|
||||
data:
|
||||
mapping.json: |
|
||||
{
|
||||
"vmcluster.proxy-civo.svc": "vmcluster.cluster.local",
|
||||
"loki.proxy-civo.svc": "loki-write.cluster.local",
|
||||
"loki.proxy-civo.svc:80": "loki-write.cluster.local",
|
||||
"loki-distributed.proxy-civo.svc": "loki-loki.cluster.local",
|
||||
"loki-distributed.proxy-civo.svc:80": "loki-loki.cluster.local"
|
||||
}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: internal-proxy
|
||||
namespace: proxy-civo
|
||||
labels:
|
||||
app: internal-proxy
|
||||
annotations:
|
||||
configmap.reloader.stakater.com/reload: "host-mappings"
|
||||
secret.reloader.stakater.com/reload: "tailscale-auth"
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: internal-proxy
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: internal-proxy
|
||||
spec:
|
||||
serviceAccountName: default
|
||||
dnsPolicy: ClusterFirst
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- 100.100.100.100
|
||||
containers:
|
||||
- name: proxy
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/proxy:latest
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: PROXY_DESTINATION
|
||||
value: talos.tail4dfb.ts.net
|
||||
- name: PORT
|
||||
value: "8080"
|
||||
- name: TS_AUTH_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tailscale-auth
|
||||
key: password
|
||||
- name: TS_HOSTNAME
|
||||
value: proxy-civo-internal-proxy
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: host-mappings
|
||||
mountPath: /config/
|
||||
volumes:
|
||||
- name: host-mappings
|
||||
configMap:
|
||||
name: host-mappings
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: loki
|
||||
namespace: proxy-civo
|
||||
labels:
|
||||
app: internal-proxy
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: internal-proxy
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: loki-distributed
|
||||
namespace: proxy-civo
|
||||
labels:
|
||||
app: internal-proxy
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: internal-proxy
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: prometheus
|
||||
namespace: proxy-civo
|
||||
labels:
|
||||
app: internal-proxy
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: internal-proxy
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: vmcluster
|
||||
namespace: proxy-civo
|
||||
labels:
|
||||
app: internal-proxy
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: internal-proxy
|
||||
type: ClusterIP
|
||||
---
|
@@ -47,11 +47,10 @@ metadata:
|
||||
namespace: qr
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- qr.cluster.fun
|
||||
|
@@ -327,9 +327,10 @@ spec:
|
||||
weight: 1
|
||||
nodeAffinity:
|
||||
terminationGracePeriodSeconds: 30
|
||||
priorityClassName: critical
|
||||
containers:
|
||||
- name: redis
|
||||
image: docker.io/bitnami/redis:7.2.4-debian-11-r11
|
||||
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
@@ -471,7 +472,7 @@ spec:
|
||||
terminationGracePeriodSeconds: 30
|
||||
containers:
|
||||
- name: redis
|
||||
image: docker.io/bitnami/redis:7.2.4-debian-11-r11
|
||||
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
|
@@ -25,6 +25,8 @@ data:
|
||||
POLLING_FREQUENCY: "15"
|
||||
BASE_URL: "https://miniflux.cluster.fun/"
|
||||
METRICS_COLLECTOR: "1"
|
||||
CLEANUP_ARCHIVE_READ_DAYS: "365"
|
||||
CLEANUP_ARCHIVE_UNREAD_DAYS: "365"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
@@ -66,7 +68,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: ghcr.io/miniflux/miniflux:2.2.4
|
||||
image: ghcr.io/miniflux/miniflux:2.2.14
|
||||
imagePullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
|
@@ -2,7 +2,7 @@ apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: docker-config
|
||||
namespace: social-to-grist
|
||||
namespace: social-to-rolodex
|
||||
annotations:
|
||||
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
|
||||
kube-1password/vault: Kubernetes
|
||||
@@ -14,8 +14,8 @@ data:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: social-to-grist-auth
|
||||
namespace: social-to-grist
|
||||
name: social-to-rolodex-auth
|
||||
namespace: social-to-rolodex
|
||||
annotations:
|
||||
kube-1password: mr6spkkx7n3memkbute6ojaarm
|
||||
kube-1password/vault: Kubernetes
|
||||
@@ -24,8 +24,8 @@ type: Opaque
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: social-to-grist
|
||||
namespace: social-to-grist
|
||||
name: social-to-rolodex
|
||||
namespace: social-to-rolodex
|
||||
annotations:
|
||||
kube-1password: oa3ycnui3ji4lc665bifaao63q
|
||||
kube-1password/vault: Kubernetes
|
||||
@@ -35,8 +35,8 @@ type: Opaque
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: social-to-grist
|
||||
namespace: social-to-grist
|
||||
name: social-to-rolodex
|
||||
namespace: social-to-rolodex
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
@@ -44,22 +44,22 @@ spec:
|
||||
targetPort: auth
|
||||
name: web
|
||||
selector:
|
||||
app: social-to-grist
|
||||
app: social-to-rolodex
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: social-to-grist
|
||||
namespace: social-to-grist
|
||||
name: social-to-rolodex
|
||||
namespace: social-to-rolodex
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: social-to-grist
|
||||
app: social-to-rolodex
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: social-to-grist
|
||||
app: social-to-rolodex
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: docker-config
|
||||
@@ -70,7 +70,7 @@ spec:
|
||||
- --provider-display-name=Auth0
|
||||
- --upstream=http://localhost:8080
|
||||
- --http-address=$(HOST_IP):8000
|
||||
- --redirect-url=https://social-to-grist.cluster.fun/oauth2/callback
|
||||
- --redirect-url=https://social-to-rolodex.cluster.fun/oauth2/callback
|
||||
- --email-domain=marcusnoble.co.uk
|
||||
- --pass-basic-auth=false
|
||||
- --pass-access-token=false
|
||||
@@ -86,13 +86,13 @@ spec:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: username
|
||||
name: social-to-grist-auth
|
||||
name: social-to-rolodex-auth
|
||||
- name: OAUTH2_PROXY_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: social-to-grist-auth
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
|
||||
name: social-to-rolodex-auth
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
|
||||
name: oauth-proxy
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
@@ -104,14 +104,14 @@ spec:
|
||||
requests:
|
||||
memory: 50Mi
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-grist:latest
|
||||
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-rolodex:latest
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: PORT
|
||||
value: "8080"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: "social-to-grist"
|
||||
name: "social-to-rolodex"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: web
|
||||
@@ -125,27 +125,26 @@ spec:
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: social-to-grist
|
||||
namespace: social-to-grist
|
||||
name: social-to-rolodex
|
||||
namespace: social-to-rolodex
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- social-to-grist.cluster.fun
|
||||
secretName: social-to-grist-ingress
|
||||
- social-to-rolodex.cluster.fun
|
||||
secretName: social-to-rolodex-ingress
|
||||
rules:
|
||||
- host: social-to-grist.cluster.fun
|
||||
- host: social-to-rolodex.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: social-to-grist
|
||||
name: social-to-rolodex
|
||||
port:
|
||||
number: 80
|
@@ -1,106 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: docker-config
|
||||
namespace: starling
|
||||
annotations:
|
||||
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-key: .dockerconfigjson
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
data:
|
||||
.dockerconfigjson: e30=
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: starling
|
||||
namespace: starling
|
||||
annotations:
|
||||
kube-1password: ufxpki65ffgprn2upksirweeie
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-parse: "true"
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: starling
|
||||
namespace: starling
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: web
|
||||
name: web
|
||||
selector:
|
||||
app: starling
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: starling
|
||||
namespace: starling
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: starling
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: starling
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: docker-config
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus-private/starling:latest
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: PORT
|
||||
value: "3000"
|
||||
- name: SHARED_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: starling
|
||||
key: SHARED_SECRET
|
||||
- name: ACCESS_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: starling
|
||||
key: ACCESS_TOKEN
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: web
|
||||
resources:
|
||||
limits:
|
||||
memory: 50Mi
|
||||
requests:
|
||||
memory: 50Mi
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: starling
|
||||
namespace: starling
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- starling.marcusnoble.co.uk
|
||||
secretName: starling-ingress
|
||||
rules:
|
||||
- host: starling.marcusnoble.co.uk
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: starling
|
||||
port:
|
||||
number: 80
|
@@ -27,6 +27,7 @@ spec:
|
||||
labels:
|
||||
app: svg-to-dxf
|
||||
spec:
|
||||
priorityClassName: low
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/svg-to-dxf:latest
|
||||
@@ -45,14 +46,11 @@ metadata:
|
||||
namespace: svg-to-dxf
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/buffering: |
|
||||
maxrequestbodybytes: 31457280
|
||||
memrequestbodybytes: 62914560
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- svg-to-dxf.cluster.fun
|
||||
|
@@ -1,45 +1,3 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: talks
|
||||
namespace: talks
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: web
|
||||
name: web
|
||||
selector:
|
||||
app: talks
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: talks
|
||||
namespace: talks
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: talks
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: talks
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/talks:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: web
|
||||
resources:
|
||||
limits:
|
||||
memory: 20Mi
|
||||
requests:
|
||||
memory: 20Mi
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
@@ -47,24 +5,13 @@ metadata:
|
||||
namespace: talks
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/permanent-redirect: https://speaking.marcusnoble.co.uk
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- talks.marcusnoble.co.uk
|
||||
secretName: talks-ingress
|
||||
rules:
|
||||
- host: talks.marcusnoble.co.uk
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: talks
|
||||
port:
|
||||
number: 80
|
||||
|
||||
|
@@ -1,57 +0,0 @@
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: tank
|
||||
namespace: tank
|
||||
annotations:
|
||||
kube-1password: g6xle67quzowvvekf6zukjbbm4
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-parse: "true"
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: tank
|
||||
namespace: tank
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: web
|
||||
selector:
|
||||
app: tank
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: tank
|
||||
namespace: tank
|
||||
labels:
|
||||
app: tank
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: tank
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: tank
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/tank:latest
|
||||
imagePullPolicy: Always
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: tank
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: web
|
||||
resources:
|
||||
limits:
|
||||
memory: 10Mi
|
||||
requests:
|
||||
memory: 10Mi
|
@@ -27,6 +27,7 @@ spec:
|
||||
labels:
|
||||
app: text-to-dxf
|
||||
spec:
|
||||
priorityClassName: low
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/text-to-dxf:latest
|
||||
@@ -45,11 +46,10 @@ metadata:
|
||||
namespace: text-to-dxf
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- text-to-dxf.cluster.fun
|
||||
|
@@ -1,45 +1,3 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: til
|
||||
namespace: til
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: web
|
||||
name: web
|
||||
selector:
|
||||
app: til
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: til
|
||||
namespace: til
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: til
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: til
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/til:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: web
|
||||
resources:
|
||||
limits:
|
||||
memory: 20Mi
|
||||
requests:
|
||||
memory: 20Mi
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
@@ -47,24 +5,25 @@ metadata:
|
||||
namespace: til
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
nginx.ingress.kubernetes.io/server-snippet: |
|
||||
rewrite ^/dont-reuse-keys/?$ https://marcusnoble.co.uk/2020-10-03-t-i-l-don-t-reuse-api-keys/ permanent;
|
||||
rewrite ^/favicons/?$ https://marcusnoble.co.uk/2020-11-10-t-i-l-how-to-get-the-favicon-of-any-site/ permanent;
|
||||
rewrite ^/getopts/?$ https://marcusnoble.co.uk/2021-08-04-t-i-l-cli-flag-handling-in-bash-using-getopts/ permanent;
|
||||
rewrite ^/go-named-return-values/?$ https://marcusnoble.co.uk/2020-10-05-t-i-l-named-returns-in-go-functions/ permanent;
|
||||
rewrite ^/golang-append/?$ https://marcusnoble.co.uk/2020-10-30-t-i-l-golang-s-append-mutates-the-provided-array/ permanent;
|
||||
rewrite ^/golang-split-by-space/?$ https://marcusnoble.co.uk/2020-09-18-t-i-l-split-on-spaces-in-go/ permanent;
|
||||
rewrite ^/kubectl-replace/?$ https://marcusnoble.co.uk/2020-09-25-t-i-l-kubectl-replace/ permanent;
|
||||
rewrite ^/kubernetes-label-length/?$ https://marcusnoble.co.uk/2021-04-20-t-i-l-kubernetes-label-length/ permanent;
|
||||
rewrite ^/tekton-multi-arch-builds/?$ https://marcusnoble.co.uk/2020-09-13-t-i-l-tekton-multi-arch-image-builds/ permanent;
|
||||
rewrite ^/yaml-key-spaces/?$ https://marcusnoble.co.uk/2021-05-11-t-i-l-yaml-keys-allow-for-spaces-in-them/ permanent;
|
||||
rewrite ^/yaml-multiline/?$ https://marcusnoble.co.uk/2020-09-17-t-i-l-yaml-multiline-values/ permanent;
|
||||
rewrite ^/?$ https://marcusnoble.co.uk/ permanent;
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- til.marcusnoble.co.uk
|
||||
secretName: til-ingress
|
||||
rules:
|
||||
- host: til.marcusnoble.co.uk
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: til
|
||||
port:
|
||||
number: 80
|
||||
|
||||
|
@@ -45,7 +45,7 @@ spec:
|
||||
- --entrypoints.websecure.http.tls=true
|
||||
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
||||
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||
image: rancher/mirrored-library-traefik:2.11.11
|
||||
image: rancher/mirrored-library-traefik:3.5.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
|
@@ -1,92 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: tweetsvg
|
||||
namespace: tweetsvg
|
||||
annotations:
|
||||
kube-1password: dmjtjxrcpqtmeddq5x7zikj37i
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-key: .env
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: tweetsvg
|
||||
namespace: tweetsvg
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 8080
|
||||
name: web
|
||||
selector:
|
||||
app: tweetsvg
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: tweetsvg
|
||||
namespace: tweetsvg
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: tweetsvg
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: tweetsvg
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/tweetsvg:latest
|
||||
imagePullPolicy: Always
|
||||
# env:
|
||||
# - name: DOTENV_DIR
|
||||
# value: /config/
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: web
|
||||
resources:
|
||||
limits:
|
||||
memory: 100Mi
|
||||
requests:
|
||||
memory: 100Mi
|
||||
volumeMounts:
|
||||
- name: dotenv
|
||||
mountPath: /app/.env
|
||||
subPath: .env
|
||||
volumes:
|
||||
- name: dotenv
|
||||
secret:
|
||||
secretName: tweetsvg
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: tweetsvg
|
||||
namespace: tweetsvg
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- tweet.cluster.fun
|
||||
secretName: tweetsvg-ingress
|
||||
rules:
|
||||
- host: tweet.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: tweetsvg
|
||||
port:
|
||||
number: 80
|
||||
|
@@ -1,86 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: twitter-profile-pic
|
||||
namespace: twitter-profile-pic
|
||||
annotations:
|
||||
kube-1password: d2rt56v47q2wij47qgj27umrky
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-key: .env
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: twitter-profile-pic
|
||||
namespace: twitter-profile-pic
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 9090
|
||||
name: web
|
||||
selector:
|
||||
app: twitter-profile-pic
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: twitter-profile-pic
|
||||
namespace: twitter-profile-pic
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: twitter-profile-pic
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: twitter-profile-pic
|
||||
spec:
|
||||
containers:
|
||||
- name: web
|
||||
image: rg.fr-par.scw.cloud/averagemarcus/twitter-profile-pic:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 9090
|
||||
name: web
|
||||
resources:
|
||||
limits:
|
||||
memory: 100Mi
|
||||
requests:
|
||||
memory: 100Mi
|
||||
volumeMounts:
|
||||
- name: dotenv
|
||||
mountPath: /app/.env
|
||||
subPath: .env
|
||||
volumes:
|
||||
- name: dotenv
|
||||
secret:
|
||||
secretName: twitter-profile-pic
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: twitter-profile-pic-cluster-fun
|
||||
namespace: twitter-profile-pic
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- twitter-profile-pic.cluster.fun
|
||||
secretName: twitter-profile-pic-cluster-fun-ingress
|
||||
rules:
|
||||
- host: twitter-profile-pic.cluster.fun
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: twitter-profile-pic
|
||||
port:
|
||||
number: 80
|
@@ -1,204 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: wallabag
|
||||
namespace: wallabag
|
||||
annotations:
|
||||
kube-1password: 4yogl6yx6t4trrkq7o35tiyj6i
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-parse: "true"
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: wallabag
|
||||
namespace: wallabag
|
||||
labels:
|
||||
app.kubernetes.io/name: wallabag
|
||||
annotations:
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app.kubernetes.io/name: wallabag
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: wallabag
|
||||
namespace: wallabag
|
||||
labels:
|
||||
app.kubernetes.io/name: wallabag-init
|
||||
spec:
|
||||
suspend: true
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: wallabag-init
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
containers:
|
||||
- name: db-init
|
||||
image: "wallabag/wallabag:latest"
|
||||
imagePullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: wallabag
|
||||
env:
|
||||
- name: "SYMFONY__ENV__DATABASE_CHARSET"
|
||||
value: "utf8"
|
||||
- name: "SYMFONY__ENV__DATABASE_DRIVER"
|
||||
value: "pdo_pgsql"
|
||||
- name: "SYMFONY__ENV__DATABASE_NAME"
|
||||
value: "wallabag"
|
||||
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
|
||||
value: "wallabag_"
|
||||
- name: "SYMFONY__ENV__DOMAIN_NAME"
|
||||
value: "https://wallabag.cluster.fun"
|
||||
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
|
||||
value: "false"
|
||||
- name: "SYMFONY__ENV__LOCALE"
|
||||
value: "en"
|
||||
- name: "TZ"
|
||||
value: "UTC"
|
||||
command:
|
||||
- /var/www/wallabag/bin/console
|
||||
- wallabag:install
|
||||
- --env=prod
|
||||
- --no-interaction
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: wallabag
|
||||
namespace: wallabag
|
||||
labels:
|
||||
app.kubernetes.io/name: wallabag
|
||||
spec:
|
||||
revisionHistoryLimit: 3
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: wallabag
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: wallabag
|
||||
spec:
|
||||
initContainers:
|
||||
- name: db-migrate
|
||||
image: "wallabag/wallabag:2.6.10"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /var/www/wallabag/bin/console
|
||||
- doctrine:migrations:migrate
|
||||
- --env=prod
|
||||
- --no-interaction
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: wallabag
|
||||
env:
|
||||
- name: "SYMFONY__ENV__DATABASE_CHARSET"
|
||||
value: "utf8"
|
||||
- name: "SYMFONY__ENV__DATABASE_DRIVER"
|
||||
value: "pdo_pgsql"
|
||||
- name: "SYMFONY__ENV__DATABASE_NAME"
|
||||
value: "wallabag"
|
||||
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
|
||||
value: "wallabag_"
|
||||
- name: "SYMFONY__ENV__DOMAIN_NAME"
|
||||
value: "https://wallabag.cluster.fun"
|
||||
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
|
||||
value: "false"
|
||||
- name: "SYMFONY__ENV__LOCALE"
|
||||
value: "en"
|
||||
- name: "TZ"
|
||||
value: "UTC"
|
||||
- name: "POPULATE_DATABASE"
|
||||
value: "false"
|
||||
containers:
|
||||
- name: wallabag
|
||||
image: "wallabag/wallabag:2.6.10"
|
||||
imagePullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: wallabag
|
||||
env:
|
||||
- name: "SYMFONY__ENV__DATABASE_CHARSET"
|
||||
value: "utf8"
|
||||
- name: "SYMFONY__ENV__DATABASE_DRIVER"
|
||||
value: "pdo_pgsql"
|
||||
- name: "SYMFONY__ENV__DATABASE_NAME"
|
||||
value: "wallabag"
|
||||
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
|
||||
value: "wallabag_"
|
||||
- name: "SYMFONY__ENV__DOMAIN_NAME"
|
||||
value: "https://wallabag.cluster.fun"
|
||||
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
|
||||
value: "false"
|
||||
- name: "SYMFONY__ENV__LOCALE"
|
||||
value: "en"
|
||||
- name: "TZ"
|
||||
value: "UTC"
|
||||
- name: "POPULATE_DATABASE"
|
||||
value: "false"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 80
|
||||
initialDelaySeconds: 0
|
||||
failureThreshold: 3
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 80
|
||||
initialDelaySeconds: 0
|
||||
failureThreshold: 3
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
startupProbe:
|
||||
tcpSocket:
|
||||
port: 80
|
||||
initialDelaySeconds: 0
|
||||
failureThreshold: 30
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 5
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: wallabag
|
||||
namespace: wallabag
|
||||
labels:
|
||||
app.kubernetes.io/name: wallabag
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- "wallabag.cluster.fun"
|
||||
secretName: "wallabag-ingress"
|
||||
rules:
|
||||
- host: "wallabag.cluster.fun"
|
||||
http:
|
||||
paths:
|
||||
- path: "/"
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: wallabag
|
||||
port:
|
||||
number: 80
|
95
manifests/yay-or-nay/yay-or-nay.yaml
Normal file
95
manifests/yay-or-nay/yay-or-nay.yaml
Normal file
@@ -0,0 +1,95 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: yay-or-nay
|
||||
namespace: yay-or-nay
|
||||
annotations:
|
||||
kube-1password: vtnx2swze7r6qepxnlepufvcbi
|
||||
kube-1password/vault: Kubernetes
|
||||
kube-1password/secret-text-parse: "true"
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: yay-or-nay
|
||||
labels:
|
||||
app: yay-or-nay
|
||||
app.kubernetes.io/name: yay-or-nay
|
||||
annotations:
|
||||
reloader.stakater.com/search: "true"
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: yay-or-nay
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: yay-or-nay
|
||||
app.kubernetes.io/name: yay-or-nay
|
||||
spec:
|
||||
containers:
|
||||
- name: yay-or-nay
|
||||
image: ghcr.io/mocdaniel/yay-or-nay:1.1.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: web
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: yay-or-nay
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: web
|
||||
initialDelaySeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: web
|
||||
initialDelaySeconds: 10
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: yay-or-nay
|
||||
labels:
|
||||
app.kubernetes.io/name: yay-or-nay
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: web
|
||||
name: web
|
||||
selector:
|
||||
app: yay-or-nay
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: yay-or-nay
|
||||
namespace: yay-or-nay
|
||||
labels:
|
||||
app.kubernetes.io/name: yay-or-nay
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- "yay-or-nay.cluster.fun"
|
||||
secretName: "yay-or-nay-ingress"
|
||||
rules:
|
||||
- host: "yay-or-nay.cluster.fun"
|
||||
http:
|
||||
paths:
|
||||
- path: "/"
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: yay-or-nay
|
||||
port:
|
||||
name: web
|
Reference in New Issue
Block a user